Maybe the French are right

Comments

Eiffel TowerYou know, maybe BlackBerrys aren’t really fit for upper-level government work. Turns out New Zealand doesn’t use BlackBerrys for transmitting any information above bottom-rung security clearance, and having heard a thing or two from government employees here in Ottawa, I can tell you the Canadian government works the exact same way. As for France, the statement quoted from Alain Julliet is actually two years old, and applies to the security risk posed by all mobile devices, which seems only reasonable. So when RIM says that governments have “given the system their accreditation“, they might be milking it just a little.

So 256-bit AES isn’t good enough for national security, fair enough. Maybe it isn’t RIM’s place to have security measures that good. But what if RIM could provide the option for national security agencies to integrate their own standards on the BlackBerry framework? I’m no security expert, but I reckon that such an undertaking would involve seriously gutting existing devices, but providing blank, customized templates for governments to work with is still a great service that RIM is in a position to take advantage of. The French National Assembly already uses open-source software presumably for the same reason: it lets them do exactly what they want to do with it.

Maybe it’s unrealistic to expect RIM to change such a fundamental part of their technology, but they already have such a solid foothold in the government markets that it would be a wasted opportunity to not push further up the ladder. Providing a solid foundation with a blank slate for governments to develop on their own watch would give RIM at least some business at those upper levels.

  • Freedom Fries

    The reason why mobile wireless traffic is not trusted above Confidential is primarily due to the insecurity in the carrier networks and not necessarily the AES 256 encryption. Think about it- the cops have taps all over the place in carrier networks, but they can’t read BlackBerry traffic unless they have the keys.

    RIM should move quickly to encrypt everything [BES and BIS] with elliptical curve, provided they can figure out a way to do it without holding the keys for BIS users.

  • Freedom Fries

    The reason why mobile wireless traffic is not trusted above Confidential is primarily due to the insecurity in the carrier networks and not necessarily the AES 256 encryption. Think about it- the cops have taps all over the place in carrier networks, but they can’t read BlackBerry traffic unless they have the keys.

    RIM should move quickly to encrypt everything [BES and BIS] with elliptical curve, provided they can figure out a way to do it without holding the keys for BIS users.