"We are NASA, not NSA"
NASA HEOMD Internal Memo on Personal Electronic Devices, NASA
“- Contrary to the nonsense you’ve been reading at nasawatch or elsewhere, NASA does not obtain control of your personal device; NASA cannot remotely read the contents of your device; NASA does not know your unlock code; and NASA will not remotely trigger a wipe of your personal device without your direct authorization to do so. We are NASA, not NSA. Don’t drop the first ‘A’, eh?”
NASA Internal Memo: ActiveSync Security Policies to be Applied to Mobile Devices Connecting to NOMAD, NASA CIO
“Employees using their own mobile device for downloading NASA email /calendar directly via their phone’s mail client should be aware that NASA has the ability to access your device and to erase (“wipe”) it. While the current NASA policy is that no such access or wiping will occur without the employee’s explicit permission, it remains possible that such adverse events could nonetheless occur inadvertently.“
Keith’s note: Funny how the same group of IT people who were unable to prevent the loss of personal information for hundreds of NASA employees, repeatedly allowed personal employee data to get onto latops that were taken outside of the agency, is unable to stop website hacks, and stumbled over itself to figure out how to encrypt data on laptops, can be so certain that data on your mobile device will never be affected (by NASA) if you connect to NASA’s networks.
While the current NASA policy is that no such access or wiping will occur without the employee’s explicit permission, it remains possible that such adverse events could nonetheless occur inadvertently.”
yup nothing preventing disgruntled IT employee sending wipe code to all the devices who gave up control of their personal device to this policy.
“nothing preventing disgruntled IT employee sending wipe code to all the
devices who gave up control of their personal device to this policy.”
Or some hacker. But NASA servers never get hacked, do they??
WOW… just like any good propogandists, like fox news, you immediately brand the messenger:
“Contrary to the nonsense you’ve been reading at nasawatch or elsewhere”
Yes, don’t read NASA Watch or anything else, ONLY read the OFFICIAL line from NASA. See NASA Watch must be a part of that lamestream media we hear so much about .. so NEVER under ANY circumstance, read it.
Not at all — I never said don’t read nasawatch. By all means, read it. Just be able to tell the sense from nonsense.
/s.
That is exactly what everyone is doing right now as they read NASA official policies and your interpretation thereof – even memos you seem to have not read yet.
If a publication is printing “nonsense” by definition that is not an endorsement. Nonsense implies it should not be read, why not? Because they print nonsense.
What IS nonsense, it reading the OIG report and learn the American taxpayer is going to end up shelling out 16.5 BILLION for a disposable capsule… THAT is nonsense. NASA employees, from the top to the bottom should be falling on their swords, to allow congressional porkonauts to rob the taxpayer in tens of billions of dollars.
Then to hear the people at NASA showering praise for SLS, the innovations of the MPCV that is what is nonsense.
Keith:
You really touched a nerve there, boyo!
Regardless of this story or NASA’s policies, what you claim will soon become the norm.
New smart phone services are separating private and company accounts on the same device. Blackberry was first to do this but others will soon follow. Companies can be more secure controlling their own account and employees can use their account and device as they please.
In such a case, the company would have the ability to add, change or wipe anything on ‘their side of the device’. That would include closing an employee’s account before they were told they were fired, for instance.
I think dual accounts on the same device would be a good balance between employee accessibility and business security but, like my example above, clear policies must be determined on how employers are allowed the handle their accounts on their employees devices.
tinker
I don’t think I understand you point here, Tinker. Isn’t it the case that any company employee has access to sensitive materials through many means, including her phone? Isn’t this true at NASA as well as, well, right here at MSA Design, where employees (all nine of them!) use private iPhones for company email, and at the same time have keys to the door, and can see whatever we have here?
What’s the difference? If an employee breaches security, she or he is responsible, that’s all, without respect to the method. OK, we don’t have state secrets here, I get that, but couldn’t an employee at NASA steal with a thumb drive or a camera?
The point of contact here is the employee, not the method, and as long as the device is one-way (can’t hack NASA through an iPhone), it’s the employee who is responsible. Hell if you can’t trust people with their phones why hire them in the first place?
Well, these seem pretty different to me. Obviously you wouldn’t hire someone that’s not trustworthy if you knew it. If there was a 100% accurate trustworthiness test I imagine lots of companies would use it. Say you fire an employee and find out they are not trustworthy… Maybe they will try to take something with them. You can control their physical access to the building by taking their key or whatever, but they already have data on their personal phone.
That’s why I use TD on Android, because if NASA initiates a wipe on the phone it will only wipe the email data, not the whole phone. I believe iOS and typically the stock android mail app wipe the whole phone, including your personal data. Cite: http://www.droidforums.net/…
Well, the (I hope) inadvertent wiping has evidently begin. Here is a heavily redacted message received today from our local organization’s management:
“To anyone with a personal iPhone/iPad (and possibly others) who use those devices to access NASA email etc:
“If you have a personal iPhone/iPad , and if you use the Apple iCloud to share this information between your devices you may want to PUT YOUR DEVICE in AIRCRAFT MODE until it has been backed up on your computer, and then, henceforth, KEEP IT BACKED UP.
“The concern is that ACES has started wiping devices they think do not have sufficient security protection. –> This just happened to [person], on her ACES iPhone! Also happened to [another person] and someone else, we hear.
“The potential for those of you who use …. iCloud, is that having all your contacts deleted will then cause them to be deleted from the cloud and all your other devices.”
Way to go, OCIO!
Got the notification over the exchange service to enable these security features on Android a few days ago, which includes bringing my device to a crawl with active encryption on the SD card. Guess I won’t be getting my work calendar or e-mail synced on my phone.
Which is mostly NASA’s loss, not mine.
Honestly, it seems to me like they’re treating a symptom of a problem rather than the disease. Sensitive information/PII should be shared over intranet resources only, NOT e-mail. It’s an exchange service, not SIPRNet.
I have been using my iPad mini as a BYOD since I purchased it almost a year ago. It is my experience that most if not all of these ActiveSync policies were “pushed” to the device the minute I set up the Exchange account on the iPad. It required me to set a PIN and the device would lock at 15 minutes. I know others who had a similar experience, but my office mate with her BYOD iPhone did not. So, it seems that prior to this week the policy was partially in place on iOS devices. It (or at least parts of it) had been pushed to some but not all iOS devices.
During the nearly a year I have been using my iPad as a BYOD, I have not had any issues. I don’t have an issue with the policy either. I can see that if my BYOD was lost or stolen that almost trivially easy access to my email would be bad for NASA and for me.
The thing that struck me about all this is the deficiencies in how all this was communicated. I would think the fact, at least in my case, that much if not all of the ActiveSync features have been in place since I first connected the iPad to Exchange, and that it has not been an issue might be a data point that would help ease some of the uneasiness about all this. I know that my case is not unique as others have had to set a PIN once they set up Exchange on their iOS BYOD. Nor is my case universal as my office mate has not been required to set a PIN on her iPhone over the last several months even though she has set up access to her NASA Exchange account.
At least for me, it would improve my relationship with the IT folks if they would let us know how ActiveSync was being used with BYODs over the months prior to the new policy. I know they read these comments as I got a voice mail from the JSC CFO in response to my earlier posts on this issue. One thing he did leave in the message that may ease some folks uneasiness about the wipe after 10 unsuccessfully PIN entry attempts is that after 5 attempts, there is a waiting period between attempts such that it takes on the order of hours to enter the 10 attempts. So my daughter would have to have access to the iPad for a significant period before her actions would result in a wipe. I do not know if this just applies to iOS. It seems however that this is another point that the IT folks could communicate more broadly to ease people’s fears.
Forrest Lumpkin
There is an important typo in my post. “CFO” should have been “CTO”
Just looked at a response to my earlier post from a week ago that explains why the policy had been pushed to my BYOD iPad but not to my office mate’s BYOD iPhone. The ActiveSync policies can be enabled on an account by account basis. Before the new policy, IT would enable the ActiveSync policy on those people’s accounts who had been issued a NASA owned mobile device. I have a NASA issued iPhone in addition to my BYOD iPad. My office mate has never had a NASA issued mobile device.
Clears up that confusing mystery.
At least for me, all this now a non-issue.
Forrest Lumpkin
This article makes me so paranoid that I just threw my iPhone in the toilet, wrapped my head in tin foil, and hid under the bed! Someone text me when it is safe to come out. Oh wait……
So much hubbub over a tiny little feature, your employees wanting to see your email on a tablet or cell, using the native email program, to avoid having to type in their ID and password all over again, as with access via web-mail. Amazing.
I’d be curious to see how the NASA policy compares with corporate America, which also deals with very sensitive documents, perhaps financials, and strategies, and lobbying, and all. As it appears the Government version of policy here seems to be that the luxury of using the neat native email app on our gadgets, more seamlessly than going through the web-mail version, warrants a policy in the first place, and controls, and what not.
Yet even when using a web-mail version of access to email, once you click on an attachment, tablets usually download a copy to a “download” folder. So what’s the advantage here? A lost device that a person only ever used with web-mail can have a mother lode of documents (pdf’s, ppt’s, word, etc) in the download cache.
This policy just seems like overkill. A policy arising merely because it can take a certain form, merely doing something because it can be done, like being able to wipe, or requiring a device lock code. Not because the policy would make any difference as regards lost or stolen devices and sensitive documents in a cache.
Were these things really in a previous NASAWatch story? Or was it just random comments in a previous story? I’m a little behind.