Let’s just agree that comparing the Obama campaign, and now the Obama transition, to Michael Ritchie’s 1972 film The Candidate is already a cliché, to be avoided in serious political commentary. But let’s make that agreement starting tomorrow, because, frankly, the comparison is just too delicious. Reading the coverage of the campaign, and the way the Obama team is now dropping back to Clinton veterans for the transition, you can just hear Obama’s mellifluous voice saying “But what do we do now?”
The most recent of those comes in the recent New York Times article “Lose the BlackBerry? Yes He Can, Maybe”. It seems that Obama, as well as having his documented issues with getting off tobacco, is a Blackberry addict. I sympathize: I’ve watched friends dealing with the “crackberry” problem — the sniveling, the nervous thumbs, the haunted look.
The problem? It’s not clear that email is consistent with the job and legal requirements of the commander in chief. One important reason is security: it is extremely difficult to securely transmit email, making sure it’s only received by the intended recipient, and it only gets worse when the email is transmitted over the air as it would be to a BlackBerry. There are encrypted military networks that are considered relatively secure, but the president, by definition, pretty well has “need to know” for anything, and constantly is synthesizing and deciding issues that may affect many different topics and areas. The technical term for this kind of message traffic, from the security standpoint, is “a nightmare.”
What’s more, it’s not just the content of his emails that can be revealing: as I discussed in my recent article about the security risks of using Twitter, there is another kind of intelligence gathering, called traffic analysis, in which the mere fact that a message is being transmitted can provide information to an adversary. (There is a famous example of traffic analysis that came out of Desert Storm, the first Iraqi campaign. It seems that as planning for the initial attack began, there were many late nights worked in the Pentagon. People forced to work late need food, and a common practice at the Pentagon was to order out for pizza. Some smart reporter realized this, and started paying the local Domino’s for information; when the demand for late night pizza surged, they had good reason to think that something was up.)
An interested foreign power might very well be able to tell a lot about what was happening, just by observing the number of messages the president sent during the course of a day.
What’s more, while BlackBerries do have encryption, the truth is they are not really very secure.
They need to be available to the ordinary user, and additional security always makes a device less convenient to use. They also need to be able to install code updates and open web pages, and that introduces some other vulnerabilities. A foreign power that was determined could almost certainly introduce a malicious application into a standard BlackBerry, and once they had, all is lost. (There are technical solutions for this problem in what is called “multilevel secure trusted systems.” One commercial example is Solaris 10 with Trusted Extensions. None of the commercial email systems is in any way “multilevel secure.”)
Then there are the legal issues: under the Presidential Records Act, any official communications from the President’s and Vice President’s Office must be retained, at least until the Archivist can confirm whether they must be preserved long term. This has been interpreted in recent years to include everything including the visitor log at the vice president’s residence. It would certainly include BlackBerry emails, even private ones. It was just this kind of issue that caused George W Bush to sign off his email completely just before his inauguration.
These really aren’t new issues; it’s only that they’ve become important to people outside the security and intelligence community just in the last few years. Clearly, we don’t want to risk the president’s online identity being stolen; a hacked email account could be a lot more than simply an embarrassment. But the retention requirements for even ordinary businesses have become onerous and expensive. Perhaps, while he’s trying to recover from the loss of his BlackBerry, President Obama might ask himself if there isn’t a better way to balance the legal requirements for records against the desire to email “How ’bout them Sox!” to a friend.