Push-Mail Security

Mobile e-mail devices that work with the so-called push-mail approach are lacking data security. This is the conclusion of the German Federal Ministry for Security in Information Technology (BSI) in an internal security analysis, extracts of which have been published in the leading German business journal Wirtschaftswoche.

Mobile e-mail services such as BlackBerry have not only achieved great success among directors and managers who work at a global level; sales staff, customer service providers, and other external service staff who spend a lot of their time on the move also find that they can no longer work without their mobile companions. Currently, more than 3.5 million BlackBerry devices world-wide are being used in companies.

In particular, the BSI’s analysis covered the security architecture and infrastructure of the BlackBerry, which is made by the Canadian manufacturer Research in Motion (RIM). The BSI report found that BlackBerry devices “cannot (be) recommend(ed) for security-critical applications in public administration.” It also states that BlackBerry models are not suitable for use in security-sensitive areas of public administration and in companies that are in danger from espionage.

Among other things, the reason for this is that all messages handled by the BlackBerry devices in Europe, that is, the content of all communications, are transferred via the RIM Operations Center in the UK. Theoretically, the British security agency has the legal right to access that data in the interest of national security.

The discussion about potential security problems followed reports about doubts about the use of BlackBerry at Audi, in the German computing magazine Computerwoche, and concerns at the British Broadcasting Corporation (BBC), which banned all managerial staff from using the push-mail service after fragments of e-mails were sent to other BBC staff than intended.