

Obama can't have a BlackBerry. Should your CEO? - ccraigIW
http://www.infoworld.com/article/08/12/09/50FE-obama-information-security_1.html

======
hxa7241
'National security reasons'? More like they don't want info being seen by the
public, due to the Presidential Records Act.

------
iigs
I'm told that the tunnels between the handsets and the corporate BES servers
are encrypted and that RIM doesn't have the ability to do key escrow or any
other kind of on-demand analysis of the traffic. Even supposing that to not be
true, the chances of espionage via blackberry surveillance are astronomically
small compared even to people attaching data to an email and typing in "John
C<tab>" to the To: list, getting John Competitor instead of John Coworker.
This again is overshadowed by having a disgruntled or compromised employee on
email threads leaking data.

Device loss can be mitigated by security policies (remote wipe and wipe on N
bad passwords) and basic executive training on what to do in the event of a
loss or theft.

Just about any other attack vector could be worse or at least as bad, and
substantially easier to implement. Not really worried about it.

~~~
anamax
> Device loss can be mitigated by security policies (remote wipe and wipe on N
> bad passwords) and basic executive training on what to do in the event of a
> loss or theft.

Nope - device loss can't be mitigated by any post-loss action. At best, you
can try to reduce data lose, actually exposure, but only to folks who don't
know what they've "found".

Any wipe scheme depends on the device continuing to be run under the original
programming. If the KGB gets Obama's cell, they pull the storage devices and
start looking at them with their own tools, completely circumventing any
"wipe" scheme.

BTW - "wipe on N bad passwords" can enable a denial of service attack....

------
boredguy8
Yes, if she wants one. Security is always in part a question of magnitude &
probability. Both are quite a bit higher for the POTUS than for J. Random CEO.

