Ask Slashdot: Managing Encrypted Android Devices In State and Local Gov't? 138
An anonymous reader writes "I am a systems administrator for a mid size state agency. We currently offer Blackberries to our staff, but we are migrating to Android devices in the near future. Since phones have sensative data (email, documents, etc.), what is a good choice for encrypting that data? Options abound, like OS-level encryption from Motorola and Samsung, 3rd party apps from GoTrusted and even a LUKS port for Android. Does anyone have experience managing encrypted Android devices? What are the important features I should be looking at? Many thanks in advance." (And, for that matter, are there good options for doing the same with iPhones? Other options to consider?)
Don't encrypt (Score:5, Insightful)
If the state isn't doing anything wrong, it doesn't have anything to hide.
Re:Don't encrypt (Score:5, Insightful)
I encrypt the disks on my computers not to hide anything, I will gladly decrypt my disk for the FBI if they ever asked, but to prevent outside tampering. Without encryption, an adversary can just load up a linux live cd and tamper with anything they want with root access. By encrypting the entire disk I can prevent that sort of tampering. They can still boot a live cd, but they can't tamper with the installed operating system or the data.
Besides, there is a metric ton of personal information on any smart phone. How would you like Joe the Laptop Thief to get access to your Google account, or possibly even login information for your online banking?
Re:iPhone (Score:4, Insightful)
Nice propeller spinning but forget all that crap and lets get real.
If you want to enforce privacy of information you do two simple things.
YOU DON"T F*CKING ALLOW IT TO WALK OUT THE FRONT DOOR.
YOU DON"T ALLOW IT TO BE MOVED TO DEVICES OUTSIDE OF YOUR DIRECT CONTROL.
So just say no to BYOD, let em screech and bitch all they want. Tell em straight up, if your can't work without your precious iPad then go find an employer who doesn't need to deal with laws enforcing privacy. And good luck with that in this crappy economy. Just say no to portable devices, period, unless there is a truly compelling need. Data collection and off site archiving come to mind.
Otherwise admit you really don't care about privacy at all and get on with it and, again, you don't need to spend a lot of money on tech that won't actually work when it comes to crunch time with end user idiots.
Re:iPhone (Score:3, Insightful)
BYOD is here to stay whether you want to support it or not.
Re:iPhone (Score:0, Insightful)
iPhone is better for this stuff. but since you want android.
Spoken like a true iTard who has no idea what he's talking about. Android version 4.0 and above supports full disk encryption using AES you fucking tool.
Re:iPhone (Score:5, Insightful)
The obstructionism is well intentioned, but we have an obligation to try to support the needs of the business. Staff are more mobile, and the business is benefiting by having people more connected and better able to make decisions, even when they aren't sitting in front of a PC. So, let's make it secure.
You have no security. (Score:4, Insightful)
Assume that your carrier, cloud provider, and handset manufacturer all have access to everything on the phone.
With Blackberry, you could run your own server, and nothing in the public infrastructure had access to unencrypted data. With Android, Google has a direct tap into your data. Encryption won't help when the layer that reads the keys is under the control of the provider.
Re:Don't encrypt (Score:4, Insightful)
Sorry, but no, not everything the government has should be open for anyone to obtain and peruse. Take this [computerweekly.com] as an example, or several other blunders made by the UK government or its contractors. This [btlj.org] has some data and discussion on the US. Personally, I'm more concerned with the general lack of responsibility for these kind of breaches in both the public and the private sector.
Don't get me wrong, I agree with your ideal. But ideals can rarely if ever become reality. And they're not always the blessing that they would seem to be.
Re:Don't encrypt (Score:5, Insightful)
Re:state agency will take the best deal not the be (Score:3, Insightful)
Re:Don't encrypt (Score:5, Insightful)
I encrypt because I do have things to hide. I'm a normal person. Everyone has things they want to keep private. You wouldn't be happy getting your bank statements on the back of a postcard, would you?
Hiding stuff is normal. Everyone needs privacy. There is nothing wrong with it.