The Messaging and Mobile Media division of VeriSign is estimating a record 1.4 billion mobile messages will be sent on Inauguration Day. But President Barack Obama probably won’t be sending or receiving any of them. At least, not on Inauguration Day.
Obama and his Blackberry on the campaign trail.
There has been an onslaught of articles posing questions such as, “Is the BlackBerry secure?†and probing issues like access to the President’s email. But there are much larger issues here.
As a Canadian, I have only a passing familiarity with the American legal system, so I won’t pretend to understand issues related to congressional access to Presidential email. However, if the President of the United States doesn’t have the right to exchange private personal emails with friends and family, something is seriously wrong and it’s not a technical problem.
In attempts to explain the security properties of most email, many have written that email is like sending a postcard. In reality, it’s much worse. It is unlikely that someone working at a postal sorting facility could automatically copy every post card flowing through the system and walk out with it at the end of the day. Sadly, that’s all too easy with email. While larger ISPs have internal security and privacy processes in place, it still remains trivial to intercept copies of email, especially in the case of smaller Internet service providers. Email also leaves another trail: Virtually every mail server maintains a log file that shows the source and destination of every email message that passed through it.
The impact of this issue depends largely upon who you are. I, for one, would be flattered to hear that thousands of system administrators across the world searched their mail logs for my email address. However, such searches are guaranteed to happen within minutes of President Obama’s email address becoming known and the mere fact that Obama sent someone an email makes them interesting. Interesting enough that at least some system administrators will open the mailbox to have a look. And interesting enough that a number of organizations, both domestic and foreign, would be happy to pay for it.
The underlying issue is that, while the technology required to secure our email has existed for almost two decades, we don’t use it. Tools like PGP and the S/MIME capability built-in to Outlook are relatively easy to use but only an infinitesimally small number of people use them. And ask them what percentage of their total email is protected and you’ll quickly hear that most of their friends don’t have the capability to exchange encrypted email.
Yes, there are some issues with the BlackBerry, most notably that the encryption technology used in the device should be improved. But we need to keep the vulnerabilities in perspective. For most of us, our BlackBerry is not the weak link because intercepting the data and decrypting it is expensive, complicated and illegal. On the other hand, I would expect at least a dozen countries to spare no expense to monitor the President’s personal email. Put in security terms, few of us face a threat agent with sufficient resources and motivation to intercept the radio communications to and from our BlackBerry and break the cryptography. But the President does and the beauty of intercepting radio waves is that nobody can see you do it. While personal emails may be benign, they can give some insight into what a leader is thinking, what other people are telling him and who his friends are.
Other issues exist, including the fact that any mobile phone, BlackBerry or otherwise, can be used to tell where someone is located when it is turned on. I won’t repeat the countless scenarios that people are posting to the net. They don’t matter. We already know where the President is. Anyone who needs his BlackBerry signal to find the Presidential motorcade isn’t much of a threat. And, after all, the devices do have an ‘off’ switch.
But there’s another force at play that has nothing to do with security. Obama’s BlackBerry provides him with a direct path to the Internet that bypasses his advisors. Email, web, and telephone that they don’t screen or control. Just imagine the President asking a friend, former senate colleague, or anyone else for their opinion via email or instant messenger. This type of connectivity has the potential to change the White House and I’m sure that at least some people don’t like that.
I hope that President Obama keeps his BlackBerry. Ensuring that the President remains plugged in is a good thing. I also hope he assigns someone a new job: Fix email security. While few of us face the same threats as the President, given the economic climate and widespread economic and industrial espionage facing virtually all developed countries, we would all benefit from more secure email. I also hope that Canadian-based Research In Motion, maker of the BlackBerry, seizes the opportunity to increase the security provided by their products. We’ll all benefit from that, as well.
