Beware Of Sticky Fingers When BlackBerrys Handle State Secrets

We're not at war with France, at least not the last time I checked, but that doesn't mean that the French want their state secrets coursing through the U.S. telecommunications infrastructure, courtesy of French government officials addicted to les BlackBerrys. Sure, BlackBerrys come with built-in encryption, but is that enough when you really, really don't want anyone to get their hands on the information you're carrying around?While Canadian Privacy Law Blog wonders whether encryption makes this a nonissue, others point out that any encryption scheme can be broken; it's just a matter of time.

"Encryption, by its very nature, is designed to be decrypted," Andrew Colarik, an information security consultant who holds a doctorate in information systems security from the University of Auckland, told me Thursday. "All encryption is is a delaying tactic. It might be years from now, or it might be next month."

So, as with many issues related to security, this is not a technology issue. "If you're a cabinet minister, you don't BlackBerry cabinet information to another cabinet minister," Colarik says. "Anyone in a national security position has to take information security seriously, and more often than not they don't because we often defer to efficiency and convenience."

The BC Blog expresses a trust in le BlackBerry security but also argues a pragmatic approach regarding when to send a text message and when a matter is urgent enough to actually pick up the phone and dial.

This doesn't preclude the U.S. security establishment from making its own fair share of mistakes. As my colleague Sharon Gaudin points out in a news story today, the most recent controversy surrounding Homeland Security involves classified e-mails being sent over unclassified networks, and unauthorized users attaching their personal computers to DHS networks and gaining access to government equipment and data.

Colarik notes that a friend and former FBI agent once had a defective BlackBerry that RIM wanted to swap with a new device. "Some of the information on that BlackBerry could not be disclosed by law," he says. Colarik's advice? Get a really big magnet and wipe the BlackBerry before shipping it back.