Dept of Foreign Affairs to ‘review’ push email policy

4 Jun 2008

The Department of Foreign Affairs has confirmed it is reviewing its push email for mobile policy after it emerged in recent days that officials were being told not to use devices like BlackBerrys for fear of data leakage.

In the aftermath of recent data security scandals over missing laptops at Bank of Ireland and the Irish Blood Transfusion Service whereby information about thousands of private citizens fell into criminal hands, officials at the Department are afraid sensitive emails could be intercepted by criminals.

A spokesperson for the Department of Foreign Affairs told “The department does not currently use BlackBerry or BlackBerry-type devices.

“The department is reviewing the feasibility of introducing ‘push email to mobile’ devices, including their compatibility with the security requirements of its existing ICT network.

“This review should be completed by the end of the year,” the spokesperson added.

The situation at the Department of Foreign Affairs comes hot on the heels of a stand-off between the creators of the eponymous BlackBerry device, Research in Motion (RIM), and the Indian Government.

The Indian Government demanded the right to monitor mobile emails to counter terrorism and denied a carrier’s application to deploy a BlackBerry service unless RIM allowed the government to install interception equipment.

RIM is currently in discussions with government officials regarding access to its system architecture.

Security expert Owen O’Connor of the Irish chapter of the Information Systems Security Association (ISSA) said the odd thing about the Department of Foreign Affairs’ stance is that for most organisations the BlackBerry is actually the most secure option for remote email and even for secure remote access to applications on the corporate network.

“From the very early days of BlackBerry devices, RIM have had an extremely advanced security model, from the way their operating system and applications operate to the way they connect trusted devices (BlackBerrys and corporate servers) across untrusted networks (the internet, cellular networks and now Wi-Fi networks).

“As a security manager, the BlackBerry has always been bottom of my list of security concerns and was always a pleasure to secure – for example ‘remote kill’ functionality has been available for BlackBerry devices for as long as I can remember, so stolen devices were never a major concern.”

O’Connor said that equally the security features of the BlackBerry Enterprise Server (BES) are remarkably complete.

“For instance, each time a new device or OS upgrade provides some new function (camera, Wi-Fi, memory card) the BES security options have also been updated so that organisations could disable or manage the new function.”

By John Kennedy