Fishbowl (secure phone)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Fishbowl is a mobile phone architecture developed by the U.S. National Security Agency (NSA) to provide a secure Voice over IP (VoIP) capability using commercial grade products that can be approved to communicate classified information. It is the first phase of NSA's Enterprise Mobility Architecture. According to a presentation at the 2012 RSA Conference by Margaret Salter, a Technical Director in the Information Assurance Directorate, "The plan was to buy commercial components, layer them together and get a secure solution. It uses solely commercial infrastructure to protect classified data." Government employees were reportedly testing 100 of the phones as of the announcement.[1]

The initial version was implemented using Google's Android operating system, modified to ensure central control of the phone's configuration at all times. To minimize the chance of compromise, the phones use two layers of encryption protocols, IPsec and Secure Real-time Transport Protocol (SRTP), and employ NSA's Suite B encryption and authentication algorithms. USMobile[2] has implemented commercial enterprise version of Fishbowl technology via the Scrambl3 mobile apps that run on both Android and iOS platforms.

The phones are locked down in many ways. While they use commercial wireless channels, all communications must be sent through an enterprise-managed server. No direct voice calls are allowed, except for 9-1-1 emergency calls. Only NSA approved applications from the NSA enterprise app store can be installed. NSA has published a 100-page overview specification for the Mobility Capability Package.[3] In tandem with the Capability Package there are a series of Protection Profiles.[4] These Protection Profiles list out the requirements a commercial product must meet to be used in the mobile phone architecture.


  1. ^,nsa-builds-android-phone-for-top-secret-calls.aspx NSA builds Android phone for top secret calls
  2. ^ "Scrambl3 Private Communications Mobile Network".
  3. ^ "Information Assurance" (PDF).
  4. ^ "NIAP: NIAP Approved Protection Profiles".