ACT Govt offers phone lock-down to schools

Darren Pauli | May 21, 2012 12:14 PM
Personal data erased.

The ACT Government has offered schools the ability to lock down teacher and student smartphones and tablets while operating over the local network.

The no-holds-barred approach to personal devices would see security bypass methods such as jailbreaks, rooting and other disallowed security features banned while using local wi-fi and LAN networks.

Students and teachers who voluntarily sign up to use their devices on the network and then attempt a jailbreak would find their devices erased by a “silver bullet” fired from the government's central IT office.

“We will blow your personal information away if you jailbreak or root; personal data, the lot” said Peter Major, the ACT Government's senior manager of IT security.

The service would be compatible with phones and tablets running Windows Phone, Apple's iOS and Google Android, but not BlackBerry or Nokia devices, which Major described as "dying" and "dead" platforms respectively.

Major said the service could help improve the security posture of schools.

“Take off your pointed hats, get off your broomsticks and find out what the business wants, what works,” he told delegates at the AusCERT 2012 conference on the Gold Coast last week.

The initiative is an extension of security controls project first deployed to administrative staff within the territory's education department, state bureaucrats and politicians in 2010. Government users are required to sign up to the service in order to use personal devices over the local network.

The government aimed to conform monitored personal devices to centralised mobile policies and security arrangements.

Some government users could opt to use corporate-issued devices, depending on their role.

“Others might get old Nokias, whatever is appropriate,” Major said.

Crippled iPads

Cabinet ministers are also afforded access to agency-issued iPads to cut down on paper use, with each device controlled by the government's mobile device management service.

The devices are signed over to the user for a limited time, loaded with materials, then later handed back to be erased.

Staff using the system had to sign privacy waivers because personal information could be monitored along with the device's security. Agencies need to seek user approval to be able to take disciplinary action based on information gleaned from devices.

Major said the security controls, approved by the Defence Signals Directorate, minimised functionality and effectively turned the agency iPads into Amazon Kindles.

The state IT shop ran a pilot with ministers and bureaucrats to gain executive support for the project.

This was effective, Major said, because it allowed the IT department to “push the policies through the gods first” and avoid the risk of executives pouring cold water on the policy later.

The government had developed an application blacklist for mobile devices that was initially compiled from the corporate network. There was currently no way to control consumer cloud services like DropBox and iCloud, which he described as “scary”.