Berry insecure?

  • February 03, 2014
  • Jason Scott Alexander

Your BlackBerry contains an astounding amount of valuable information, including any number of communications that may be subject to solicitor-client privilege. Yet mobile devices are notoriously insecure, both in terms of technology and of being left in a restaurant or cab. Is your Blackberry a weak link in your security?

In fact, Blackberry communications are some of the most secure you’ll ever make, according to experts. RIM uses a 256-bit “strong encryption” scheme over its networks that the U.S. National Security Agency (NSA) recognizes as suitable for classified information. Still, security factors do exist that should be a priority for lawyers.

“There is sometimes a sense of ownership with the individual and a greater willingness or interest in adding personal services to the unit that can expose the organization to risks,” says Ariane Siegel of Gowling Lafleur Henderson in Toronto.

“Installation of unsanctioned applications can introduce back doors for third party attacks called “Blackjacking,” she says, signaling the need for extreme vigilance when acquiring new software, or restricting application downloads to the device entirely.

Weak BlueTooth settings between your BlackBerry and devices, such as a portable folding keyboard, hands-free earpiece or car kit, can also allow savvy techno-criminals to hack your Blackberry with nothing more than a laptop and line of sight to your device.

And of course, physical loss or theft is also a form of security breach. “Unfortunately, many lawyers have formed resistant attitudes around the requirement to set a password on the device,” notes Siegel. “Another trap is not setting it to lock when cradled, or setting overly long time periods by which their Blackberry units can stay logged in before locking and requiring the password to be re-entered.”

Finally, any good security foundation must include educating both sender and receiver that wireless communications can be monitored by the most unlikely of sources. “The concerns are the same as with e-mail — the technology is not fully secure and clients should be advised of the associated risks,” says Dr. Michael Geist of the University of Ottawa faculty of law.

“As more and more sensitive traffic travels on Blackberry networks, there are sure to be questions about the prospect that law enforcement demand access to some of that information. This raises significant privacy concerns.”

— Jason Scott Alexander