According to a report in The Guardian (see disclosure), the latest BlackBerry devices have been deemed insufficiently secure for government use in the UK. The article maintains that Communications-Electronics Security Group (CESG) – the information assurance wing of intelligence agency GCHQ – examined the Z10 and its BlackBerry 10 software, concluding that their implementation of the BlackBerry Balance work-life-separation feature fails the government’s strict security requirements.
This would be a terrible blow to BlackBerry, which desperately needs BlackBerry 10 to succeed if the company as a whole is to survive. BlackBerry’s biggest selling point has always been its security, and indeed version 7.1 of the software was approved by CESG just last November. The only problem is that – according to both BlackBerry and CESG – the Z10 and its OS have not been nixed.
Here’s what CESG said:
“Discussions with BlackBerry are ongoing about the use of the BlackBerry 10 platform in government. We have not yet performed an evaluation of the security of that platform, but we expect to be issuing Platform Guidance in the summer. This will cover a number of platforms including Blackberry 10 (and the use of ‘Balance’).
“We have a long standing security partnership with BlackBerry and this gives us confidence that the BlackBerry 10 platform is likely to represent a viable solution for UK Government.”
As for BlackBerry itself, the company called The Guardian‘s report, and others repeating its claims, “false and misleading”:
“BlackBerry has a long-established relationship with CESG and we remain the only mobile solution approved for use at ‘Restricted’ when configured in accordance with CESG guidelines. This level of approval only comes following a process which is rigorous and absolutely necessary given the highly confidential nature of the communications being transmitted.
“The current re-structuring of this approval process, due to the Government Protective Marking Scheme review and the new CESG Commercial Product Assurance scheme has an impact on the timeline for BlackBerry 10 to receive a similar level of approval.
BlackBerry went on to point out that both the U.S. and German authorities have given BlackBerry 10 the all-clear, and it expects the British to do the same.
So what’s going on here? If you look very carefully at the wording of the denials, the anonymous sources that informed the original article may well have been correct – it could still be the case that the Z10 flubbed a specific test, resulting in CESG going back to BlackBerry and asking them to fix the problem. This would qualify as “ongoing discussions”, and when CESG says it has “not yet performed an evaluation of the security of that platform”, those words could be taken to mean the full evaluation has not yet been completed.
However, it is certainly not the case that the Z10 and BlackBerry 10 have been rejected outright by the UK’s spooks and their vetting processes. We’re probably looking at a situation where BlackBerry will update the platform, and CESG will take another look before drawing firm conclusions.
For now, BlackBerry can continue to claim the security cred it so desperately needs.
Disclosure: Guardian News & Media, which publishes The Guardian, is a minority investor in GigaOM.