In a nutshell, the BlackBerry service is too public to be used. Let's be rational here: how would you feel if you knew the president used a public copy of Windows XP on all his PCs, or if he used a public copy of Internet Explorer and Outlook? How warm and fuzzy would you feel about the security of our Gov’t secrets? Of course Obama would like to keep his BlackBerry; who wouldn’t? BlackBerrys without a doubt increase the user's productivity and availability. However, for most users the security of the BlackBerry solution is just an afterthought. Obviously, if you are the most powerful man on the planet, your security posture becomes a bit more critical (understatement of the year). In this blog I will lay out 3 major reasons why the security risk is just too great to allow President Obama to keep his beloved BlackBerry.
Over the years the President's access to mainstream communication systems has been prohibited, and for good reason: they are not secure enough. This is why the White House has its own communications network for e-mail, voice, video, and data delivery. They don’t just go and sign up with Qwest. That is why all the applications the President uses are custom. Everything from his e-mail client, browser, operating system, instant messaging system, word processor, etc. has had its source code either written from scratch by the Gov’t or highly modified by the Gov’t to make it more secure. Even many of the crypto algorithms that are used to encrypt the President's data at rest and in transit are custom developed and classified. My point is that everything the President touches in the digital world has been highly customized for him with a relentless focus on security.
Almost all of this customization (code, techniques, algorithms, etc.) is highly classified. See the NSA cryptography definitions around Suite A algorithms. Sure, you could argue that it is a bit of security by obscurity, but it seems to be a pretty successful tactic in the government’s bag of tricks so far.
So this brings me to my main premise for denying Obama the use of his BlackBerry device. The BlackBerry network is too public. Their vulnerabilities are published publicly, their SDKs are public, their devices are public, parts of their code are public, their RIM network is public, their software is public, anyone who pays $100 is allowed to obtain a RIM key to sign their code, exploit code to attack the multiple vulnerabilities in BlackBerry is public, etc. etc. etc.
Don’t get me wrong, my whole argument is not based around obscurity per se. Instead, it is based on the fact that if our President uses a completely public communication mechanism, like BlackBerry, which was not designed with “eyes only” security as an objective throughout its dev process, then the likelihood of it being compromised jumps exponentially. This is especially true when every detail about the BlackBerry solution is available to the public and has been for years.
Let’s take a brief look at the state of BlackBerry security.