Hacker News new | comments | show | ask | jobs | submit login
How Obama's BlackBerry got secured (electrospaces.blogspot.com)
83 points by trauco on Oct 25, 2013 | hide | past | web | favorite | 32 comments

That US presidents are willing to completely give up email to avoid the Freedom of Information Act (FOIA) seems pretty shady. I could see if they were mob bosses running a criminal organization but "public servants" - really?


Not one tech company in the world publishes all (or really, any) of the work emails of their executives, and that's exactly what the records act does to the President.

Access to presidential records is actually quite restricted including a 12 year delay in most cases[1]. I think the article is incorrect that a FOIA request could force the president to produce an email.

And unlike tech execs and anyone else the president is not subject to search warrants or subpoenas in many cases due to "executive privilege"[2].

The PRISM program, which captures a huge fraction of world email traffic, is "the most prolific contributor to the President’s Daily Brief" according to the NSA[3]. Reading other people's email on a regular basis probably makes you cautious about your own email habits rather than being worried about FOIA requests you can probably ignore.

Despite all of these protections our presidents still feel they have to take the extraordinary step of not using email at all. Very shady.

[1] http://www.archives.gov/about/laws/presidential-records.html

[2] http://en.wikipedia.org/wiki/Executive_privilege

[3] http://www.washingtonpost.com/investigations/us-intelligence...

I think the logic goes along the lines of "better safe than sorry". They can make do fine without email, they have really smart people with good memories that can make this all happen in non-record-producing conversations, so why create the paper trail?

It doesn't even mean they're being shady, I mean they are, but 99% of the time we're talking about routine conversation. What if you had a bunch of people trying to do a hatchet job on you, ready to take any sentence out of context and leak it?

There are limits to executive privilege, as Nixon discovered. That's why the White House isn't routinely bugged anymore, much to the consternation of historians.

all usa ones does that under sox when required by court. or something close to that...

> This would mean the White House Communications Agency has to carry such a secure base station wherever the president goes.

If they're already doing that, the rest of this seems a bit silly. Why bother with a cellular-modem connection at all, if you're just going to route it (presumably using a 4G picocell) back out over IP? I can understand the custom encryption, but you can do that just as effectively over wi-fi.

because cellular data connection was written in the approved requirement.

Incredible how the whole thing just shout inefficiency and huge price tags all over the place.

What is wrong with securing the device with a VPN or something and then using the same services that the entire government already use on desktops?

You don't want to use the same VPN everyone else is using. You don't want to take critical security updates, because you need to have CIA analysts do a thorough source code audit of any software provided by untrusted parties. This isn't tin foil hat stuff either - it's entirely likely that if the president used off-the-shelf VPN software that a foreign government would get an operative into Cisco or wherever and slip a backdoor in.

So either you convince Cisco that they need to fire any non-US nationals involved in packaging/bugfixes/security and have everyone submit to security screening, or you build your own.

I don't understand why so much weight is given to the difference between US and non-US nationals. And in my experience, it's pretty common to see the US assign a pretty high amount of trust by default to US citizens.

For example, a few months ago I visited a friend there, and I got to tour the SpaceX factory. Since I'm foreign, he had to jump through some hoops and there were parts of it the factory that were off-bounds for me.

I know there are very tight controls on space-related industries and I can understand the no-pictures policy, but I don't know why it makes such a big difference whether I was born elsewhere.

Because you are a foreigner. My government has done horrible things to many people in many countries. They are afraid of blowback.

In all honesty, if you are an intellectual, go elsewhere than the US. We're slowly turning technological backwater because we do not cater to smart people who were born in (gasp) other countries.

As for me, I'm stuck here, due to family ties and money. I wish you the best, wherever you go.

The CIA doesn't do that.

so you are affirming all the network the white house used until obama's blackberry was not yet vetted?

From the article I get the impression that the NSA wants him to use stronger (classified) encryption algorithms.

Sure, if you want commercial grade security. Given the current state of such things and tbe risks associated with the POTUS that would be only a half step above doing nothing at all.

Basically they asked the NSA which knew how to tap the blackberrys and other mobile devices of 35+ other world leaders.

Thank you so much Blackberry team. I was waiting this app. It is really great user friendly and smooth.

Please post the following comment on the new BlackBerry Messenger Android APP. Thank you so much black berry team

Isn't it funny that Obama uses a Canadian phone?

Not really. Choose the best tool for the job. At the time, for secure mobile communication, that was BlackBerry.

Some would argue that's still true today.

What is especially playful is the article's headline. I mean, some people don't feel like they can toy with their own mobile devices right now--even though Obama got to keep his beloved berry. And it is quite a naughty situation. Germany's lady chancellor is not amused, for example. : )

I hope that they put a backdoor in it so that they can learn about European secrets...

And since the parts of todays phones are usually manufactured in China, the Chinese officials should be informed very well too. Since the Russians seem not to be a part of the chain, it seems to be obvious, why they need Snowden. :)

seems that everybody has opportunity to plant datacollecting backdoor somewhere along digital data road. Android/iOS/Windows, intercontinental data cables, PC/phone manufacturer firmwares, asian chip foundries and harddrive makers, wifi routers, cellular stations, USB flash producers, etc. Everything from data storage to network equipment has some kind of arm-controller with megabytes of RAM. enough for logging and calling home. Surprisingly, this makes all major countries happy rather than disappointed.

Some parts of the UK Government (principally the Foreign Office) use an OS called Firecrest for their secure systems. As I understand it Firecrest is built on a fork of Windows Vista

In this Foreign Office memo [1] from April 2006 "Firecrest is the FCO's IT infrastructure; it sits on the desks of our staff around the world. Firecrest is a globally-networked desktop system that provides users with a standard suite of Microsoft office products including Outlook email, web browsing, Access databases and Excel spreadsheets. Firecrest was developed in 1997 and in 2003 the FCO completed the roll out of the current generation of the system."

Whilst the timing is slightly out (Vista wasn't released to the public until 2007?) it may be possible that Microsoft provided them with a version forked from a much earlier build.

However, the memo does go on to say that the Government were planning a third generation of Firecrest due to be rolled out autumn 2006 with support from HP. This might be the version that is forked from Vista?

[1] http://www.publications.parliament.uk/pa/cm200506/cmselect/c...

Do you have any or first hard experience or reference to that?

All this because he couldn't give up his blackberry. SPOILED!

What, they didn't use WordPress?

They were too busy using Drupal.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact