How Something as Seemingly Benign as White House Email Can Have Freaky National Security Consequences
David Gewirtz is the author of Where have all the Emails Gone? which was published in 2007. He has also written more than 700 articles “about technology, competitiveness, and national security policy.” David has agreed to an extensive interview with OpEdNews. This is the first of a three-part series.
Welcome to OpEdNews, David. In an article you wrote after Obama’s victory but before his inauguration, you pleaded with him to treat the White House computers like evidence at a crime scene. Why did you say that?
>As you know, there is a continuing search (or at least quest) for email messages that were sent by Bush White House officials and which could not be produced according to the FRA and PRA. At the time, there was some hope that some of those messages might be recovered by incoming Obama administration officials because old computers can tell tales, and although many of the Bush computers were carted off to undisclosed locations, the hope was that some would contain some of missing records documenting a key time in American history.
President Obama has now been in office for several months. Has this administration taken your words to heart?
> Apparently not. In fact, the Obama administration seemed to fight the disclosure of Bush-era email messages. I wrote about this very curious situation in an article for CNN.
So, where does that leave us?
> It’s really an interesting problem. Presidents don’t like to disclose their email (Democrat or Republican) and tend to support their predecessor’s “right” to not disclose those records, even though the law requires it. Even though President Obama came into office on a change platform, in this area, his administration is tracking with all that came before him since the early days of email.
You refer to Blackberrys as “little mobile nightmares”. Why?
>Wow, there’s about five articles in that answer, but let’s look at a few simple points. First, these device contain a lot of data and that data can get lost. There are a bunch of examples of this, including sensitive security information. Secondly, BlackBerry devices and some other smartphones can be tapped with a hidden software program that can turn them into locating devices, bugging devices, and data logging devices. But, most of all, these – like iPods – are really powerful little computers that can bring programs like viruses (on purpose) behind secure firewalls and take data out much easier than stuffing it in a briefcase.
Old-school BlackBerry phones (from a year or so ago) can store about 64 megabytes of data. How much is 64 megabytes of data? The King James Bible is about 1,120 pages, or about 2.5 megabytes, so a typical 64 megabyte BlackBerry could hold about 25 King James Bible's worth of information. That's the equivalent in strategic U.S. government information of about 28,000 printed pages of data, or seven complete sets of all seven Harry Potter novels.
Yikes. It does sound like a security nightmare. What do we have to do in order to sleep better at night?
>Fundamentally, your best protection is learning. There are some basic steps you can take that will improve your protection considerably and I document them on my online safety page on my Web site. There are ten steps listed at http://www.davidgewirtz.com/safety and if you follow those tips, I can’t guarantee you’ll be perfectly safe, but you’ll be measurably safer.
Do other countries handle these issues better than we do?
>Not so much. No. The U.K. has had some serious problems with missing data off phones, cameras, and flash cards.
Which news stories have vindicated your fears and warnings as pointed out in your many articles and recent book?
>Oh, heck. So many. The scariest one was when a Mexican advance man for a meeting between President Bush and the leaders of Mexico and Canada stole BlackBerrys from White House personnel and had them in his control for an extended period of time. But we’re seeing an almost constant flood of stories of cyberhacking, loss of data, missing information, and more. I also wrote an article about security flaws at the FTC and Homeland Security that’ll curl your hair.
Any chance someone might be listening and taking this seriously?
>Absolutely. I first started to explore the issue of BlackBerry security when I read congressional testimony by Susan Ralston, Karl Rove's assistant. Before this, I hadn't realized the risk. But when a deputy chief of staff loses a BlackBerry -- and you realize just how much data can be stored on one -- I started to pay attention.
Initially, it seemed like just another over-anxious tech geek whining about a problem. But then, when White House BlackBerrys were stolen by a Mexican operative, my earlier analysis seemed more and more prudent. As the White House BlackBerry theft story got out, more and more people started to pay attention.
And then, as I learned more and realized that once a BlackBerry is in someone else's hands, it has the potential to be tapped and turned into a bugging device, I realized this was an actual threat. Yes, I know some people claim it can't be done, but there's software on the Internet sold to do just that -- marketed as a way to listen in on a cheating spouse. Some experts also claim you can't break BlackBerry's security, but I wouldn't want to put the determined efforts of a major nation state against some crypto created by a private company. The scale of the resources brought to the problem are radically different.
I honestly believe this is why the story about President Obama's BlackBerry had such stickiness -- people were not only aware of the cool-factor of a tech-savvy President, but were also aware of the security issues. I'd probably done 50 interviews on BlackBerry security issues by that time, reaching millions of listeners and readers.
I also ran a series of articles on this for CNN. President Obama, while keeping his phone, has indicated a clear awareness of what's appropriate and what's not, and has also indicated an awareness of both the security issues and the political issues and has kept the number of people he communicates with through his mobile device to an absolute minimum.
Thank you, David. I’m looking forward to hearing more in the next two installments of our interview.
Some further reading for extra credit: