Much has been revealed about the modifications made to Obama's BlackBerry. \nHowever, we can get a clearer picture by piecing the various reports together \nwith what we know about the BlackBerry. Let's start by taking a look at the \nfacts.

Excerpt from the Chicago Tribune:

Obama's new BlackBerry will come with software approved by U.S. intelligence \nofficials, allowing him to communicate with friends, family and close associates \nwithout fear of hackers reading his private e-mail.

Mentioned in various news reports were a number of "compromises” that \nPresident Obama had to adhere to before he got his way.

The Seattle Times newspaper lists the \ncompromises:

• First, only a select circle of people will have his address, creating a true \nhierarchy for who makes the cut and who does not. \n
• Second, anyone placed on the A list to receive his e-mail address must first \nreceive a briefing from the White House counsel's office. \n
• Third, messages from the president will be designed so they cannot be \nforwarded.

The security concerns

From the above facts, it is possible to figure out the security concerns that \na smartphone-toting President will bring about. Foremost would be the risk of \ninterception and decryption of data to and from his smartphone, as well as those \nwith whom he is corresponding.

Detractors might also point out that the various encryption employed by \ncellular networks are known to be breakable. In addition, the wireless nature of \ncell phone technology means that it is also theoretically possible to \ntriangulate the President's location. However, I would submit that these \nproblems are inherent to any mobile devices — and not just to smartphones in \ngeneral. As such, I will not be exploring this angle.

How does a standard BlackBerry work?

It is clear from the comments to Michael's earlier post that there is some \nconfusion about how a BlackBerry works. Let me try to summarize it here.

In a typical enterprise implementation, e-mails and messages are sent via \nencrypted UDP data packets generated from RIM's BlackBerry Enterprise Server \n(BES). The BES sits behind the firewall, and its primary task is sending the \nmessages via a RIM-run NOC. The NOC is then in charge of forwarding the \nencrypted data packets to the correct BlackBerry smartphone. The data packets \nare useless to any other smartphone because they will not have the correct \nAES-128 key required to decrypt the data packets.

On a side note, you might be interested to know that the use of UDP packets \nmeans that the BlackBerry smartphone is much more data efficient than \ncompeting push mail strategies such as the HTTP-based Direct Push \nimplemented by Microsoft.

In conclusion

It is possible to draw a number of conclusions from the above-mentioned \nfacts. First of all, the modified BlackBerry OS on Obama's BlackBerry probably \nbumps up the encryption from AES-128 to AES-256. This has been noted on some \nnews sites, though in no way officially confirmed. If true, it must be noted \nthat such a move represents an exponential increase — and not just doubling — in \nthe strength of the encryption.

It is hard to say if RIM allowed the creation of a custom NOC specifically \nfor Obama's BlackBerry "network". However, being able to tap into the data \npackets destined for his device would only be as useful as sniffing the \nencrypted data streams out from the cellular network.

As pointed out by some TR members, it is also likely that features such as \nBluetooth, wireless LAN, and the built-in GPS are stripped out from Obama's \nBlackBerry. Similarly, the ability to send text messages is likely to be \ndisabled as well.

As for the mandatory briefings, they are likely to have been related to steps \nto take should they lose their BlackBerry smartphones. I would imagine a \nsecurity officer would move quickly to invoke a remote device wipe.