'BarackBerry' dilemma highlights lack of data protection for all

NET RESULTS: PANIC, TURMOIL, and headlines across newspapers, blogs, discussion boards and news sites

NET RESULTS:PANIC, TURMOIL, and headlines across newspapers, blogs, discussion boards and news sites. The world waits to see how the US President-elect will resolve the difficult situation.

It is the question of the moment for Barack Obama. You've probably read about the crisis: how will he survive without his BlackBerry?

For yes, the Technology President, the man who won an election helped by the greatest online mobilisation on behalf of a cause, ever, may have to surrender his geek e-mail access device of choice, his BlackBerry.

The alarming nature of the situation is revealed, headline by headline. Is it Bye Bye BlackBerry for Obama? (AFP), Lose the BlackBerry? Yes he Can, Maybe (New York Times), No BarackBerry? (Financial Times) and a heartfelt show of sympathy: First Cigarettes, Now This? (KWTX, Texas). At the Wall Street Journal, security guru Bruce Schneier weighed in as well: Why Obama Should Keep his BlackBerry - But Won't.

READ SOME MORE

Schneier's piece, along with a BusinessWeek column by Stephen Wildstrom, are amongst the handful of commonsense voices on the issue. So what if e-mails and other forms of electronic communication are subject to the Presidential Records Act and must be stored and saved?

Businesspeople and entire companies already work with similar constraints, as such records already can be subpoenaed in trials (witness Bill Gates in the department of justice anti-trust trial). If you work for a company, your e-mails are most likely being stored in company servers, too. Freedom of Information Acts around the world require the retention of all sorts of communications. Civil servants and officials are, by all reports, quite adept at keeping much sensitive information out of records - they just don't write it down. Surely a US president can learn the basic discipline required to not send or receive sensitive communications via whatever e-mail address syncs with his BlackBerry?

As for security - there are already department of defense-approved technology security standards for mobile devices. It appears several of the agencies already issue the BlackBerry to employees. Highly classified information gets sent via separate, ultrasecure networks anyway.

Surely this is the presidency during which minders are going to have to figure out how to allow the 21st century in, not postpone it as long as possible? But whatever about the potential concerns, real or perceived, with the BarackBerry, what about the obvious ease with which Obama's mobile call data, stored by his mobile phone company, were accessed by Verizon employees?

To me, that was the much bigger story of the past week.

Any one of us could be subject to that kind of invasion of privacy, not just a president-elect.

Communications providers routinely hold call data of this sort for a mandated period for billing purposes, but in many places, including the Republic, it is now legally required to be held and stored for several years for possible future criminal investigations.

A major argument against long-term storage data of this sort is its sensitivity and its vulnerability. As the Obama- Verizon case demonstrates, often this data is very poorly secured. Privacy advocates have long argued that few controls are in place to keep snooping employees, even those with very low-level security, from delving into private call records.

The argument for storing call data for periods longer than the six months allowed for billing purposes under data protection legislation has been weakly supported in Europe and in the Republic. All the cases cited by gardaí as examples of the importance of call data to investigations are cases in which the data were obtained within six months of the crime - Veronica Guerin's murder or the Omagh bombing being the two usual examples.

In Ireland, I have no idea how well secured mobile records are, nor who can access them. Nor am I clear about the privacy protections on my e-mail or internet usage information (to be held for two years). But assuming US providers do not do things vastly differently from their European counterparts, the Verizon case suggests it wouldn't be too hard for employees to take a peek at or pass around European records either.

So really, why all the fuss over using handhelds? What the incoming US administration should be worrying about more than e-mails on a BlackBerry is data retention generally, and sloppy protections placed on everyone's private data, not just elected officials, no matter how high the office.

In a sane world, the same concern should extend across the Republic, where a Minister is about to sign in legislation that changes the definition of serious crime - which has potential constitutional implications, according to senator and law professor Ivana Bacik - to encompass the most petty of crimes, just to continue to give gardaí access to as much call data as possible.

Klillington@irish-times.ie

Blog: www.techno-culture.com

Karlin Lillington

Karlin Lillington

Karlin Lillington, a contributor to The Irish Times, writes about technology