The Canadian Press
OTTAWA—Senior federal bureaucrats are sending sensitive government information on their BlackBerrys despite warnings to stop.
Deputy ministers at Transport Canada, Veterans Affairs and Public Works have all used a BlackBerry feature called PIN messaging to discuss information that is supposed to be secure, The Canadian Press has learned.
PIN messaging allows BlackBerry users to send messages directly between devices over wireless networks, bypassing email servers.
The privacy commissioner and Communications Security Establishment Canada (CSEC) — the federal agency responsible for information security — have explicitly said the PIN service shouldn’t be used for material considered sensitive.
The vulnerability of government communications was exposed this week with the revelation that computer networks at two federal departments were compromised by hackers. Exactly what the hackers were after is unclear but Internet service at the Treasury Board and finance department has been curtailed as a result.
In the case of PINs, some or all of the departmental records released under Access to Information were censored because they contained information that could compromise security, economic interests or detailed the operations of government.
PIN messages are popular because they travel faster than emails and there is the perception they are secure because they are encrypted and not stored. But they can be cracked.
“The key used is a global cryptographic ‘key’ that is common to every BlackBerry device all over the world,” a CSEC security bulletin says.
“This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed.
“Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air.”
None of the departments provided an explanation as to why the PIN function is being used to send sensitive information.
Security experts say the risk is real.
Agencies “can install any sort of procedure and systems and policies they want for email, for Internet access for everything else, but this is a total grey area,” said Keith Murphy of Defence Intelligence Inc.
“If something does happen, they have no recourse.”
In an audit of five federal agencies released in October, privacy commissioner Jennifer Stoddart found all of them in violation of PIN-to-PIN policy.
“Existing policies surrounding wireless devices lack key elements — including restrictions on the use of PIN-to-PIN messaging — and four of the five entities lack documented procedures to mitigate the risk of a data exposure resulting from a lost or stolen wireless device,” she found.
Late last year, the U.A.E., Saudi Arabia and India threatened to shut down BlackBerry service in their countries because PIN messages couldn’t be monitored by the government.
Canadian government departments are required to have a capture mechanism for PIN messages in place if they are used. That’s because they constitute government records and are therefore subject to Access to Information.
But it’s up to each department to decide if PINs are allowed. A request to Citizenship and Immigration for PIN messaging came up empty, with subsequent documents suggesting that department forbids use of the service.