12 Comments

Summary:

Both BlackBerry and the UK intelligence services have denied reports that the Z10 and its BlackBerry 10 software have been nixed for governmental use due to security fears.

spythumb

According to a report in The Guardian (see disclosure), the latest BlackBerry devices have been deemed insufficiently secure for government use in the UK. The article maintains that Communications-Electronics Security Group (CESG) – the information assurance wing of intelligence agency GCHQ – examined the Z10 and its BlackBerry 10 software, concluding that their implementation of the BlackBerry Balance work-life-separation feature fails the government’s strict security requirements.

This would be a terrible blow to BlackBerry, which desperately needs BlackBerry 10 to succeed if the company as a whole is to survive. BlackBerry’s biggest selling point has always been its security, and indeed version 7.1 of the software was approved by CESG just last November. The only problem is that – according to both BlackBerry and CESG – the Z10 and its OS have not been nixed.

Here’s what CESG said:

“Discussions with BlackBerry are ongoing about the use of the BlackBerry 10 platform in government. We have not yet performed an evaluation of the security of that platform, but we expect to be issuing Platform Guidance in the summer. This will cover a number of platforms including Blackberry 10 (and the use of ‘Balance’).

“We have a long standing security partnership with BlackBerry and this gives us confidence that the BlackBerry 10 platform is likely to represent a viable solution for UK Government.”

As for BlackBerry itself, the company called The Guardian‘s report, and others repeating its claims, “false and misleading”:

“BlackBerry has a long-established relationship with CESG and we remain the only mobile solution approved for use at ‘Restricted’ when configured in accordance with CESG guidelines. This level of approval only comes following a process which is rigorous and absolutely necessary given the highly confidential nature of the communications being transmitted.

“The current re-structuring of this approval process, due to the Government Protective Marking Scheme review and the new CESG Commercial Product Assurance scheme has an impact on the timeline for BlackBerry 10 to receive a similar level of approval.

BlackBerry went on to point out that both the U.S. and German authorities have given BlackBerry 10 the all-clear, and it expects the British to do the same.

So what’s going on here? If you look very carefully at the wording of the denials, the anonymous sources that informed the original article may well have been correct – it could still be the case that the Z10 flubbed a specific test, resulting in CESG going back to BlackBerry and asking them to fix the problem. This would qualify as “ongoing discussions”, and when CESG says it has “not yet performed an evaluation of the security of that platform”, those words could be taken to mean the full evaluation has not yet been completed.

However, it is certainly not the case that the Z10 and BlackBerry 10 have been rejected outright by the UK’s spooks and their vetting processes. We’re probably looking at a situation where BlackBerry will update the platform, and CESG will take another look before drawing firm conclusions.

For now, BlackBerry can continue to claim the security cred it so desperately needs.

Disclosure: Guardian News & Media, which publishes The Guardian, is a minority investor in GigaOM.

You’re subscribed! If you like, you can update your settings

  1. Your a moron. Where is the clarification provided by CESG? why bother printing only half the story? Oh yeah, you have other incentives to do so.

    1. Sorry, I’m not following you. I included CESG’s statement in its entirety. Which other half of the story are you referring to?

      1. @David Meyer

        Re “So what’s going on here? If you look very carefully at the wording of the denials, the anonymous sources that informed the original article may well have been correct – it could still be the case that the Z10 flubbed a specific test, resulting in CESG going back to BlackBerry and asking them to fix the problem.”

        This is more baseless innuendo, contradicted by facts in your own article. CESG clearly states:

        “We have not yet performed an evaluation of the security of that platform.”

        So, unless you feel CESG is lying (and if so, say so), how could BB10 fail a specific test if an evaluation had not even been performed yet? This is just more cheap journalism.

        My best guess for what really happened is that someone, on the verge of the US Z10 launch, all eyes often, whispered into Charles Arthur’s ear (the Guardian “journalist” who broke this smear job), and Arthur was either too lazy or too corrupt to call CESG and verify the story.

        Arthur hasn’t had the decency to issue a retraction. Do you?

        .

        1. I never said CESG was lying. What I said was that there is wriggle-room in CESG’s phrasing. Let me reiterate and expand on what I said in the article: to say the evaluation has not yet been performed *could* mean that its performance is not complete – I could be halfway through a race, for example, and justifiably say that I have not run the race, because I have not finished.

          Furthermore, you seem to be confusing my suggestion that the *source* of the original article was on target with me saying the original article itself was on target. It was not: it stated categorically that the Z10 had been rejected outright, and that was incorrect.

    2. You must be the moron. This was a good article. Moron.

  2. Good article. Finally, the truth!

    1. Not such a great article. The Guardian has pulled the original article and says it will be releasing a retraction. As it stands, and as SamfromDowntown pointed out, BlackBerry 10 has not been tested by CESG. This has been confirmed again by CESG, BlackBerry and now the Guardian as well. Shoddy work, really. People need to read things carefully before just spewing out conjecture.

      1. See my reply to SamFromDownton above.

  3. Smart Phones are for Smart People, for everyone else, theres iPhone!

    Never read an article from David, dont think I will or maybe for a good laugh.

    Bottom line in Jurnalism, CYA, and get your facts staight. Your BUSTED.

  4. “…it could still be the case that the Z10 flubbed a specific test, resulting in CESG going back to BlackBerry and asking them to fix the problem. This would qualify as “ongoing discussions”, and when CESG says it has “not yet performed an evaluation of the security of that platform”, those words could be taken to mean the full evaluation has not yet been completed”

    No, no it doesn’t, it actually means they haven’t been performed. To word this as simply as possible.. if you’re insinuating that the CESG performed a test and flunked BB10 then that would mean an evaluation ‘has been performed’. Either way, ‘has not been performed’ doesn’t mean ‘has been performed’ or ‘is being performed’, notice how the CESG didn’t use either of these combination of words? That’s because they’re saying that no evaluation has been done, meaning, there is no evaluation in progress or ever has been. Your example of running a race was horrible by the way. If one is running a race, people do not say, ‘the race has not yet been performed’ they say ‘the race is being performed’. Why? because ‘has not been performed’ doesn’t mean at all that something is ‘being performed’.

    Last, like you showed, BB said this.
    ‘The current re-structuring of this approval process, due to the Government Protective Marking Scheme review and the new CESG Commercial Product Assurance scheme has an impact on the timeline for BlackBerry 10 to receive a similar level of approval’

    Seriously, you went forever on the semantics of a word (which you got wrong anyways) yet you didn’t even look at this statement? This means, that the CESG is changing their security protocal for all mobile devices at the moment so all the rules are changing. This also means that since they’re changing their security standards they’re not going to be able to accept ANY new devices until their restructuring is complete, it’s that simple. It would simply be idiotic for someone who doesn’t even have all their security standards set to just look at something and stamp ‘approved’ on it regardless of the history of business.

    Honestly, you’ve never worked in a field where you had to work with Q&A? Nevermind, I can tell just by looking at the article…

  5. This article starts with “According to a report in The Guardian”.

    So David Meyer wrote this article based on another article which has already been RETRACTED.

    Am I missing something here? How does one consider themself to be a journalist when they write articles based on information that has already been shown to be false?

    Amateur journalism at it’s finest.

    1. When I wrote this article, I was debunking the Guardian’s article, which was still up at the time. I’m not certain why this is so difficult to understand, nor why certain commenters seem to think I was repeating rather than analysing The Guardian’s claims.

Comments have been disabled for this post