Computerworld

FAQ: Why Obama may give up his BlackBerry

Six security experts say he should shelve it

Could Barack Obama ever expect to continue using his BlackBerry once he officially becomes president?

According to experts on security, mobile phones and presidential communications, the answer is no.

Their reasons are not just about the security, privacy and possible hacking of a BlackBerry device running over a wireless network that includes a Network Operations Center in Canada. The reasons have as much to do with the security of e-mail generally, and how the White House would treat BlackBerry communications under the Presidential Records Act.

Culled from interviews with these six experts, this FAQ covers the reasons the president-elect will probably hand over his BlackBerry, built by Canada-based Research in Motion.

Why would anyone care whether Obama uses his BlackBerry, considering the world is in economic turmoil, terrorists just attacked Mumbai, India and the US is engaged in wars on two fronts?

Good question. Since Obama is considered a change agent and also a friend of technology, some have said it might be valuable to see him take advantage of quick access to e-mail and the Internet. A BlackBerry in the hands of the most powerful man in the world might serve as a valuable funnel for input from advisers, average citizens and even rivals, their thinking goes. One columnist for Newsweek recently argued that Obama should also hold onto his BlackBerry to free him "from the gilded prison of the White House." Bloggers have made similar arguments.

But all six experts agree that Obama will have plenty of access to all kinds of information, as well as expert sources and aides who could be searching the Web and answering or sending e-mail for him. Given the technology available today and the fact that he will be the first president with a desktop computer in the Oval Office, there will be lots of inbound information, and presidents already have many ways to get their messages out through radio, TV and the Web, the experts argued.

"My feeling is, that at this point, it is unnecessary for a president to carry a personal BlackBerry," said Diana Owen, head of the American Studies program at Georgetown University in Washington and an expert on presidential communications.

"I can appreciate the isolation dangers ... but I still think it's ill-advised for the president to keep the CrackBerry," said Paula Musich, a security analyst at Current Analysis.

Page Break

So, what's the big worry about using a BlackBerry?

The biggest concern seems to be how to handle e-mail and outbound communications from a BlackBerry, or any other device, including the desktop computer.

"Whether he uses a BlackBerry is a political question, really," said Jack Gold, an analyst at J. Gold Associates. "I think the more significant issue is whether they want him to have e-mail at all. They already have secure e-mail systems in the White House" used by aides but not the president.

So what's the security worry with e-mail then?

"The real issue with communicating over e-mail is that it's too risky for a president, since nobody can prove he did or didn't send an e-mail," said John Pescatore, a Gartner analyst. "If a woman came forward and said she had a liaison with President Obama, it might be best if he could say, 'I don't send e-mail' except for official communications."

Pescatore added that the standard policy for a reputable business today is never to send or ask a customer to send anything considered sensitive over e-mail. "E-mail is not trustable," he said. "We thought it was, but then along came the phishers."

Using a BlackBerry, would Obama be required to keep records of communications from the device?

Probably. Most of the experts agreed that the Presidential Records Act would pertain to BlackBerry communications, certainly those in text over e-mail. "If a president tried to circumvent that requirement, I am sure he would face tremendous scrutiny and public outcry," Owen said.

And what is this Presidential Records Act?

The act, first passed in 1978, states that the public owns presidential records, which are subject to review through the Freedom of Information Act beginning five years after the end of an administration, with other restrictions. In effect, it means that all presidential correspondence needs to be carefully managed because it could eventually be included in the historical record.

Security expert Bruce Schneier, who recently wrote an article on the topic for the Wall Street Journal believes the biggest worry over Obama's use of a BlackBerry is not from hackers but how the president would defend using it against subpoenas for information or against a law like the Presidential Records Act.

Page Break

"It doesn't matter what kind of encryption you're using [on a BlackBerry] when a judge demands that the plaintext [running over it] be produced," said Schneier, an author of several books on computer security. "There could be any number of issues where there is public pressure to release presidential communications. Remember, the best security measure to protect privacy is not to have the data in the first place."

OK, so there are problems with Obama's privacy on the BlackBerry, but what about hackers or foreign spies? Are those real concerns?

There are worries about spies tracking Obama's whereabouts, since a BlackBerry keeps transmitting to get new e-mail off RIM's Network Operations Center. That information can be used to track someone's location, a real danger for a US president in an era of terrorism, according to Pescatore, a former employee of the US Secret Service, and Ira Winkler, a former National Security Agency analyst, president of the Internet Security Advisors Group and a former Computerworld columnist.

Winkler said officials of the NSA and other security agencies are usually not allowed to use their BlackBerry devices for official business and are instructed to leave them in their cars when attending a meeting. Other analysts, however, said White House and FBI officials use BlackBerry devices, but they didn't know the limits on their uses.

The policy on BlackBerry devices used by federal officials could not be clarified, since officials for the Secret Service, which protects the president, did not respond to questions on this topic. Officials from the Obama transition team also could not be reached.

"The bad guys will know if the president has any wireless devices," Winkler said, adding there are examples of spies who have traced wireless communications in the past.

How would someone track Obama's BlackBerry?

Spies can use radio tracking equipment, similar to that used by military forces around the world to track troop movements, Winkler said. Basically, a spy can follow what's called the "emitter fingerprint" from any radio in any BlackBerry or other wireless device that is transmitting, he said. If the fingerprint is matched with a person's location the first time by a witness, the fingerprint can be used to follow that person later, he explained.

Really, that could happen?

Winkler cited the example in 2003 of a former LM Ericsson employee who was charged with treason in Sweden for giving details to the Russians on 3G wireless technology that allows tracking of users. "You can geo-locate people remotely from any place in the world," Winkler said.

Page Break

Aside from tracking the radio signals transmitted by a BlackBerry, what about the actual information being sent? How secure is that?

Pescatore said RIM has in the past built BlackBerry devices for certain customers that include software and hardware to add high-level encryption. (RIM did not respond with any comment on this claim.) With such end-to-end encryption, which relies on the Advanced Encryption Standard 256, it would be hard to imagine "even a foreign power throwing huge computer power to brute force crack that kind of encryption," he said.

But Pescatore stressed that encryption "is not the weak link" in using a BlackBerry. "The weak link is how could he prove that he didn't send an e-mail to a woman claiming he had a liaison with her. How could he prove it?"

Does it matter that RIM's NOC is in Canada?

Apparently this issue matters to some who have blogged about it, since Canada is a foreign power, while it is also the closest ally of the US.

Experts noted that RIM is a publicly traded company and not an arm of the Canadian government. Even when a message passes over a network operated by any number of carriers and when it is on a server in the RIM NOC, it is encrypted with keys that RIM doesn't have, Pescatore said. RIM also has other NOCs in Europe, not just Canada.

What has RIM got to say about all this?

The company refused to comment on the issue of Obama using a BlackBerry. However, in the past, RIM has called its wireless e-mail system the most secure available and that it is in use by companies and governments around the world. It recently announced a security certification and has posted information about its security architecture on its Web site.

What is the bottom line for Obama, will he or won't he carry a BlackBerry?

Obama probably won't carry a BlackBerry, if he listens to our group of experts. But the reasons will stem mainly from the dangers of widespread use of e-mail made easier with a portable wireless device that tends to encourage even casual conversations. If Obama rejects e-mail altogether, he will be following the path set by other presidents who relied on aides to do the e-mailing.

Communications staff at the White House can probably implement any kind of technology that a president wants, Pescatore said, but Obama will probably receive all inbound e-mail messages in a different way. In other words, he will probably resort to a technique first used in the early years of the Clinton administration, when a group called Trusted Information Systems received all inbound e-mail, then transferred it to some form of media, probably including paper. That "safe" mail would then be transported to the White House, he said.

If this sounds like the way England's Queen Elizabeth I got her messages hundreds of years ago, it is close.