Obama’s Blackberry Security Review
It looks like, after much debate, Obama will be allowed to continue to use a smart phone (From most articles I have read, it seems unclear whether the phone will still be the Blackberry he seemed to like so much, or if it will be a NSA approved smart phone, or a combination of the two). Much of the debate centered around whether a Blackberry could be made secure enough for the President’s day to day use. For example, Obama would not want a highly sensitive conversation with the Secretary of Defense to be heard by anyone trying to listen in. Smart phones can also deal with email and the internet in general, which opens up the possibility of an exploit coming from there. Smart phones also have GPS receivers, and are in essentially constant contact with cell towers, both providing methods to track the phone.
Assets
- Obama needs to ensure that any sensitive voice communications using his smart phone are unintelligible to anyone that intercepts them. Voice communications should also not be spoofable. For example, if Obama were to say “launch the rocket” in reference to the testing of some new rocket from NASA, we would not want someone to replay that message to someone in the military that is ready to launch a rocket propelled missile somewhere. (I realize this is a very contrived and difficult to pull off example, but I imagine there are people out there who could think of a more realistic and doable exploit for this)
- The smart phone itself needs to be secure. By this I mean that it should not be possible for an attacker to gain remote access to the smart phone. If the attacker is able to do this, then they can easily access location information, as well as any key information used to encrypt communications.
Potential Adversaries
- The most obvious adversary would be terrorists wanting to learn high level secrets or impersonate the president.
- Another threat could be malicious governmental officials wanting to hurt Obama’s reputation, or maybe just wanting to sell the information for great financial gain.
Potential Weaknesses
- Probably the biggest weakness will be Obama himself. As smart phones are able to access the internet, he could plausibly be tricked into downloading and installing malware giving the attacker access to his phone. It is also plausible that Obama could accidentally leave the phone somewhere where anyone could pick it up and access it.
- Another potential weakness is in making sure sensitive communications are authenticated as being from Obama. For example, we would not want anyone thinking Obama said that we should “attack Iran”.
Potential Defenses
- The secret service and the NSA should definitely make sure Obama is informed of all the security risks of downloading and installing arbitrary software. Also, since they only have to check one person’s activities, they could have a dedicated team inspecting everything Obama wants to download, ensuring he does not install malicious software. This may be a bit overkill, but would go a long way to making the use of a smart phone more secure. As for Obama forgetting a smart phone somewhere, it is likely that his aides and the secret service will be told to always make sure he does not leave it. With more people thinking about it, it will be much less likely that Obama will forget his smart phone somewhere.
- To protect against spoofing communications from Obama, they would need to make use of a MAC, notably one that included sequence ids. It would be important to include the sequence ids to prevent the possibility of replay attacks.
Conclusion
As we can see, there is a large amount of risk inherent in Obama using a smart phone as president. These risks can range from national security breaches to crippling Obama’s reputation as President. As such, a very high level of security is necessary to make these risks acceptable. An article at http://abcnews.go.com/Technology/Story?id=6712260&page=1 gives an overview of some of the high level security concerns and how they were dealt with. It doesn’t sound like any actual methods have been disclosed, rather the article cites guesses by experts. One such guess is that they will “stay ahead of potential hackers by changing codes, methods and, potentially devices, with high frequency.” While changing codes and devices could be beneficial (If one device is unknowingly infected, changing will effectively mitigate this), changing of methods is not always good for security. Creating robust security methods is very hard to do, so if they were to change frequently, there is a good chance most of them would have flaws. On a similar note, obfuscating the security system in general (as they seem to be doing), is usually considered bad practice, as there is a limited number of eyes vetting it.
Comment by devynp
January 23, 2009 @ 6:04 pm
What an interesting topic to review.
Aren’t we proud that the president is tech-savvy? But I want to raise my concern about the President using Blackberry. One example of security vulnerabilities is from the Blackberry itself. Where does the President get his Blackberry from? What if the seller of the device install a software that would send a copy of his incoming/outgoing messages to a malicious server? What if the device has a software that would record all his voice conversation? I think the President will need a special presidential security team that would do a deep check on the high-tech devices that the president use, making sure no malware has been installed.
Comment by cxlt
January 23, 2009 @ 6:28 pm
While security was a question in terms of Obama’s future BlackBerry use, the primary issue is the FOIA, or Freedom of Information Act, coupled with the Presidential Records Act, which mandates that any and all official business conducted by the President *must* be released as public record following the end of his term.
The net of this is that all Presidents (like Bush) end up giving up email entirely, not just mobile devices, because it’s hard to separate the personal from the public when one is President. When he was campaigning, for instance, Obama would frequently converse with and receive random tidbits from personal friends about news and policy. He liked it because it was a fresh, outside perspective, but it’s arguably then part of official business, as it could influence his policy making.
That’s the primary line that made it so questionable whether Obama would keep his BlackBerry, not the security concern.
Comment by Justine
January 23, 2009 @ 7:14 pm
Another issue is that all of your email data and such (although encrypted) goes through RIM in Waterloo, Canada, making a disgruntled RIM employee a potential “Eve” in the President’s conversation.
Still, I think the level of security for something is tied to how valuable that information is – if President Obama wants to send pictures of his kids to their grandmother from his camera phone, it may be a hot item for celebrity gossip magazines, but certainly not for terrorists. So long as he is not emailing Secretary Clinton the latest news from the CIA intelligence briefing, it really is his issue how much he thinks it needs protecting.
Comment by Ziling Zhao
January 23, 2009 @ 9:14 pm
In this day and age, I have a hard time imagining a president without a smart phone. How can we trust a leader who is not connected?
Very few presidents have been as tech savy as Obama and I believe this is a big step forward for the US.
However, the president should not be allowed to use an unsecured blackberry. I’m sure someone will come up with something. The CIA/NSA have secure PDA’s of their own, although they all fall under the category “bulky”. http://i.i.com.com/cnwk.1d/i/bto/20090112/obama4.jpg
Obama needs a smartphone that is both secure and stylish.
Comment by gertanya
January 23, 2009 @ 9:48 pm
The status of the President implies that you might need to give up some things for the benefit of your country and people. One of the things the President might need to give up is a convenience of using some high tech devises. Obama’s new role will also include some limitations of his privacy because now he is the person of the wide public interest. The consequences of it may include switching the devices to more secure ones, limitation of the topics he can discuss using less secure devices and awareness of the constant monitoring of his activities. So, if Secret Service can ensure that the President uses Blackberry only for his personal purpose and for all his political activities the more secure devices are used, having a Blackberry is not an issue. What concerns me the most is the GPS receiver embedded in the phone that might allow somebody to track the location of the President.
Comment by oterod
January 24, 2009 @ 12:06 am
Whether or not the FOIA is a primary concern in the investigation, to me, is irrelevant. Yes, the FOIA is a critical piece of legislation and allows public introspection of government, but much more havoc can come from misappropriation of information on and control of the President’s Blackberry than could from concealed or wrongly categorized communication.
The President of the United States is, for the time being at least, one of the most, if not THE most, powerful person on the planet. The President is privy to unreal amounts of sensitive information, and his/her authority allows earth-shattering events to unfold, such as the launch of nuclear warheads. The risk to the US and, more importantly, the rest of the world, if a weak link in Presidential security were to be exploited could be catastrophic…and not in the sense of Nixon’s presidency.
Comment by jap24
January 24, 2009 @ 6:05 pm
There was an article about this in the Seattle Times.
That article mentioned that only certain people would be given the President’s email address to limit who can communicate with him. This wouldn’t work very well because any one of those people could give out his email, accidentally or on purpose, and then he would need to deal with any number of people sending him unwanted messages.
Maybe a more effective measure would be to have multiple accounts that all forward to the President’s main account, and tell each person who has permission to contact the President a different account. That way, a leak from a single person could be easily traced, and unwanted email could be stopped by closing that forwarding account. Though for all I know this could be how they’re actually planning to do it.
I agree with Justine that the President is not likely to be using a Blackberry to send out secret information. It’s more likely to be used just for keeping up with friends. So I doubt that anyone could learn any national secrets from reading the messages he sends over it, or that anyone could fake sensitive orders by taking control of it and sending messages.
Comment by mcam
January 25, 2009 @ 12:21 am
we’re hella paranoid. We might be placing a little too much emphasis on BarackBerry. With every technological advancement, there are risks that come with it. So first it was physical mail (mail in evil’s hands), then telephone (conversations in evil’s ears), then fax (data in evil’s reach?), then the internet (well it’s just evil all together), then cellphones (evil on the go)… people have to deal with it. President no less. Again, techno security is not new. We cannot achieve perfect security but we can make sure that we’re darn close. It’s great that we see all the holes and flaws, but please… it’s not new. What’s more important is that we (erm or the govnt) would make it better and more secure.
Comment by elenau
January 30, 2009 @ 5:02 pm
Great post.
Yes indeed, Obama will be the center of attention of many people good and bad. There is no doubt that it will be in somebody’s interest to steal his email threads, record his voice, or listen to the conversations. Unfortunately, with technological advances, more can be done by use of devices, and since there is no such thing as “perfect security”, all of that information turns out to be reachable by adversaries.
I agree with previous posts, that some of security vulnerabilities could be eliminated, if Obama was to use a simpler phone device. However, it is an inconvenience, and in this case – a huge one. Imagine crazy schedule with meeting, TODO tasks, reminders, e-mails, contacts… Yes, we want to provide a decent degree of security, but a sacrifice of efficiency can be too valuable.
I think for every dilemma, where the compromise has to be made there is a good middle spot. For this case, I can imagine some other security initiatives to be taken, such as separation between top-secret correspondence, private communication, daily calls/e-mail/notes. There is no doubt that some information is more valuable that other. I cannot imagine Obama having a single e-mail address. That would be a disaster.
In real life, there are multiple different sources where Obama gets his correspondence. Some get filtered through one secretary, some get filtered through some supervisor, and so on. University students can have a heavy load of e-mail daily, managers of an average business would often get hundreds of messages, and the amount of correspondence directed to Obama is enormous.
In my opinion, Obama should be able to use Blackberry. Nowadays even for a regular citizen it is often hard to keep up with schedule and contacts. However, everything that goes through any piece of technology should be watched. Obama has to be careful with the information contained or transmitted by the device, and understand the risks.