Well, we all know by now that President Obama got his BlackBerry in the end. Personally, I am glad — the many news sites trumpeting the Windows Mobile-based Sectera Edge as a viable alternative obviously have editors who haven’t used a BlackBerry smartphone before, but I digress.
Understandably, not much has been revealed about the modifications made to Obama’s BlackBerry. However, we can get a clearer picture by piecing the various reports together with what we know about the BlackBerry. Let’s start by taking a look at the facts.
Obama’s new BlackBerry will come with software approved by U.S. intelligence officials, allowing him to communicate with friends, family and close associates without fear of hackers reading his private e-mail.
Mentioned in various news reports were a number of “compromises” that President Obama had to adhere to before he got his way.
- First, only a select circle of people will have his address, creating a true hierarchy for who makes the cut and who does not.
- Second, anyone placed on the A list to receive his e-mail address must first receive a briefing from the White House counsel’s office.
- Third, messages from the president will be designed so they cannot be forwarded.
The security concerns
From the above facts, it is possible to figure out the security concerns that a smartphone-toting President will bring about. Foremost would be the risk of interception and decryption of data to and from his smartphone, as well as those with whom he is corresponding.
Detractors might also point out that the various encryption employed by cellular networks are known to be breakable. In addition, the wireless nature of cell phone technology means that it is also theoretically possible to triangulate the President’s location. However, I would submit that these problems are inherent to any mobile devices — and not just to smartphones in general. As such, I will not be exploring this angle.
How does a standard BlackBerry work?
It is clear from the comments to Michael’s earlier post that there is some confusion about how a BlackBerry works. Let me try to summarize it here.
In a typical enterprise implementation, e-mails and messages are sent via encrypted UDP data packets generated from RIM’s BlackBerry Enterprise Server (BES). The BES sits behind the firewall, and its primary task is sending the messages via a RIM-run NOC. The NOC is then in charge of forwarding the encrypted data packets to the correct BlackBerry smartphone. The data packets are useless to any other smartphone because they will not have the correct AES-128 key required to decrypt the data packets.
On a side note, you might be interested to know that the use of UDP packets means that the BlackBerry smartphone is much more data efficient than competing push mail strategies such as the HTTP-based Direct Push implemented by Microsoft.
It is possible to draw a number of conclusions from the above-mentioned facts. First of all, the modified BlackBerry OS on Obama’s BlackBerry probably bumps up the encryption from AES-128 to AES-256. This has been noted on some news sites, though in no way officially confirmed. If true, it must be noted that such a move represents an exponential increase — and not just doubling — in the strength of the encryption.
It is hard to say if RIM allowed the creation of a custom NOC specifically for Obama’s BlackBerry “network.” However, being able to tap into the data packets destined for his device would only be as useful as sniffing the encrypted data streams out from the cellular network.
As pointed out by some TR members, it is also likely that features such as Bluetooth, wireless LAN, and the built-in GPS are stripped out from Obama’s BlackBerry. Similarly, the ability to send text messages is likely to be disabled as well.
As for the mandatory briefings, they are likely to have been related to steps to take should they lose their BlackBerry smartphones. I would imagine a security officer would move quickly to invoke a remote device wipe.
Do you have any other thoughts to share on Obama’s BlackBerry?