Can’t Crack the Crackberry

“I’m addicted to it,” President Obama reportedly told his interviewers on CNBC recently when they asked about his Blackberry. Still, could he be allowed to have it? The two presidents America has had so far during the Digital Age of e-mail and Internet – Clinton and Bush Jr. – famously had nothing to do while in office with e-mail and were never seen toting a mobile telephone. The concerns had to do both with the law (e.g. the obligation to preserve any written communications and the legal standing any messages might have) and with routine communications security.

On that latter point, at least, there might not be that much to worry about, according to a recent analysis in the German newsmagazine Focus (Blackberry security: The enemy in the telephone). The lede:

In contrast to his predecessors, US President Barack Obama may make use of a smartphone – but within strict limits. How insecure are Blackberry & Co.?

Not as insecure as you may fear, as it turns out, and that from German experience. As the article relates, back in June 2005 the auto-producer Audi decided to ban Blackberry use among its employees out of fears of industrial espionage by its competitors. The company was particularly concerned about the fact that all Blackberry e-mails are routed through the servers of RIM, the device’s Canadian manufacturer. But RIM was able to persuade Audi that this traffic was encrypted in such a way that even RIM itself could not break the code and read any messages – even if directed to do so by some government authority. Later, in response to a pronouncement by the German Office for Information Technology Security (in German, the BSI) that the Blackberry was too vulnerable for use by government officials who had to send secure communications, RIM managed to gain for its equipment a Common Criteria security certificate, basically meaning that a process of independent testing (presumably by the Standards Council of Canada) confirmed the Blackberry’s adherence to a very strict set of international security standards – strict enough, in fact, that Common Criteria certification was routinely recognized as good enough for any equipment to be allowed for German government use without further question. Late last year the prestigious German Fraunhofer [Research] Institute also was willing to certify the security of the Blackberry’s encryption, to a 24-million-year-before-cracking standard.

Alright, but what if the President loses his “Obamaberry”? (President Bush Jr. famously lost the watch off his wrist in an adoring crowd of Albanians, after all.) That’s also not really a problem; off-the-shelf commercial products are available today to mere-mortal users for powerfully encrypting the data on the machine, and no doubt US Government experts can take that at least one step further. (Plus, there is not supposed to be that much contact information on the machine in the first place, since it’s only supposed to be used for communication with engste Bekannte – “closest intimates.” Although I suppose Disney and various other youth-marketeers would love to get a direct line to Malia and Sasha.) The same considerations can be applied to the prospect of bugging, as well as spam and malware.

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Comments are closed.