Obama's BlackBerry victory raises security questions

U.S. President Barack Obama was able to persuade his security staff to let him keep using his BlackBerry handheld device. But what's not clear yet is how the device might be modified to ensure extra security.

U.S. President Barack Obama was able to persuade his security staff to let him keep using his BlackBerry handheld device. But what's not clear yet is how, exactly, the device might be modified to ensure extra security.

White House spokesman Robert Gibbs said Thursday a compromise had been reached allowing Obama to keep in touch with a select group of staff and friends through the device, for which he had famously developed an addiction.

"I won the fight but I don't think it's up and running yet," Obama said Thursday.

It's a public relations coup for Waterloo, Ont.-based Research in Motion Ltd., which makes the BlackBerry devices and also runs the network that all messages sent to and from the devices pass through.

The White House said security would be "enhanced" but did not go into detail. RIM declined to comment, referring all questions to the White House.

Normally, when an email is sent to a person at a company or government agency using RIM's BlackBerry EnterPrise Server software, the corporate email program would send a message to the enterprise server, which would then encrypt the message and send it to RIM's Network Operations Centre, believed to be in Waterloo, which acts as a post office, redirecting the email contents in separate packets of information to the mobile device, which then reassembles the decrypted message.

RIM has made a name for itself in both corporate and government circles because of the security of its system, says Kevin Restivo, an analyst with IDC Canada.

"Working with the U.S. Department of Defence is part of how RIM has built its reputation as being a superior provider of mobile devices that are more secure than others," said Restivo.

Defence Research and Development Canada has performed security tests on RIM's system as well, praising the company in a 2007 report for its features such as message encryption, password protection and "remote kill" feature — which allows the BlackBerry server to send a command that will wipe all of the data from the device.

But DRDC spokesman Martin Champoux said the department would not speculate on how secure the network might be for the U.S. president, because there were too many variables at play.

Among the variables are what software or network enhancements the White House might insist on, who might implement them and whether the device is even a BlackBerry.

There has been speculation from security analysts that the device Obama will use would be one already approved by the National Security Agency, such as the Sectera Edge, designed by General Dynamics Corp.

Restivo said RIM is likely doing everything in its power to be a part of whatever new security measures are needed, arguing they wouldn't want to do anything to lose the lustre of its most public thumb-tapping typist.

"It's worth RIM's time to ensure it has arguably the highest-profile spokesperson in the world using its Blackberry, so you can rest assured the company is bending over backwards to ensure it meets his needs and the government's needs," he said.

U.S. security technologist Bruce Schneier said it's also possible the government could decide to use a BlackBerry but route the messages Obama sends and receives on the device through their own network centre, making the question of the security of RIM's network irrelevant.

"I'm not even convinced its going to go through RIM's system," he said. And it's the network and not the device, he said, that is really at the heart of security.

Even the most secure network isn't perfect and even the most complex security algorithms can potentially be hacked, said Schneier, and he says no shortage of potential groups — from criminals to the spy agencies of other nations — might try to access a device used by the president of the United States.

Another potential flaw in security is more mundane: even if Obama's handheld device has the most state-of-the-art technology, anyone receiving his messages could potentially be a weak link in the chain, said Schneier.

The question, then, for Obama, he said, is whether it's worth the risk of having a hacker get access to the device or the potential legal issues should his messages be subpoenaed.

"It's hard to say. I can tell you the risks of having it, but I can't tell the benefits," said Schneier. "If he averts thermonuclear war by having a BlackBerry it sounds good to me, but I really don't know if it's a good idea or not."

With files from the Associated Press