President Barack Obama will keep using a BlackBerry for e-mails, protected with a special encryption package created by government spooks, probably the National Security Agency, according to Marc Ambinder, a political blogger with The Atlantic.
In a brief post late Wednesday morning, Ambinder writes that a standard BlackBerry (but apparently not Obama's current personal device) has been outfitted with a "super-encryption package." Obama will use it for "routine and personal messages." He, along with White House staff, will not be using instant messaging, Ambinder writes.
Ambinder doesn't cite any sources for this. And his post raises a number of still-unresolved questions, some of which Network World examined earlier this week.
The BlackBerry device is in essence a wireless window and keyboard into an existing e-mail system, such as Microsoft Exchange, on which the user has an account. The BlackBerry device, in tandem with the BlackBerry Enterprise Server software, is really just a convenient way to access a "real" e-mail system, such as whichever one is used by White House staffers.
So, the more interesting question may be not "Can he use his BlackBerry?" but "What e-mail address is he using?"
The drawbacks of public officials using Internet-based mail services, such as GoogleMail, were dramatically revealed last fall when Republican vice-presidential candidate, and Alaska governor, Sarah Palin's Yahoo account was hacked, and its contents posted online. Besides the privacy violation, the incident was controversial because Palin was accused of using a "personal" e-mail account to communicate about government business.
Ambinder writes that that United States government BlackBerries aren't cleared to protect messages above the status of "SECRET." As Cisco Security blogger Jamey Heary explains in his dissection of BlackBerry security issues: "[T]his brings me to my main premise for denying Obama the use of his BlackBerry device. The BlackBerry network is too public. Their vulnerabilities are published publicly, their SDKs are public, their devices are public, parts of their code is public, their RIM network is public, their software is public, anyone who pays $100 is allowed to obtain a RIM key to sign their code, exploit code to attack the multiple vulnerabilities in BlackBerry is public, etc. etc. etc."
But that doesn't stop numerous U.S. and foreign government agencies using the devices for communications classed either SECRET or SENSITIVE. BlackBerry maker Research in Motion points to a string of security certifications for the BlackBerry system, and notes the U.S. Department of Defense is one of its biggest customers.
(The Sectera Edge smart phone, from General Dynamics and certified by NSA, can be used for TOP SECRET-classed voice calls as well as e-mail.)
But do Obama's "routine and personal messages" -- presumably to longtime friends and colleagues outside of his administration and outside the U.S. government as a whole, which is the group he's repeatedly expressed interesting in communicating with "outside the bubble" -- need to be classified as TOP SECRET, or even SECRET?
"Perhaps the NSA and U.S. telecommunications companies have created a special, more secure digital pathway for Obama's messages to travel on, one that would resist the inevitable penetration attempts by foreign governments," Ambinder writes.
It's not clear what Ambinder means by a "more secure digital pathway" beyond the special encryption package he referenced earlier. One possibility might be a special radio frequency.
NSA clearly knows how to securely encrypt government communications. But, again, if Obama wants to communicate with "ordinary folk," nothing is lost if a hacker or even a foreign government penetrates e-mails such as "How 'bout those Cubs!" or "Do you think that shade of yellow is Michelle's color?"
But greater openness, even when the intent is to limit that openness to a specific group of non-government acquaintances, makes a standard smart phone more vulnerable to being injected with malicious code. Once installed, without other protections, the code in theory could be written to take over various functions, such as turning on a speaker phone to record conversations, transmitting contacts and phones lists, identifying the GPS coordinates of the phone and therefore of its user, in this case, the president.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.