According to Wired News, Mr. Obama will not be able to use his Blackberry any more when he will be President of the USA, because of security concerns. He may even have to refrain from using e-mail.
The funny thing is that the issue goes further than security. In the USA, there is a Presidential Records Act that forces active presidents to keep a record of all their communication, which are owned by the public and subject to historical review.
Now, that’s an interesting mobile application: a highly secure e-mail application that keeps a full record of all exchanges and archives them. I am wondering what it would take for such an application to be written, on which device it could run, and how it could be certified. An interesting challenge.
A Common Criteria-certified (EAL5+ level, no less) Java Card 3.0 card could do the trick, with secure end-to-end communication with a White House server. Smart cards can be hacked, of course, but it takes time, and for such high-profile applications, we can build countermeasures that make it extremely difficult to break a card without killing it. Here, the “everything is recorded” feature is very nice, because it allows us to take the risk of terminating a card without reason, since there is no risk of data loss.
There are two problems, though. The first one is timing: Such Java Card 3.0 products are not available yet. The second one is that Java Card 3.0 products are not autonomous, and that they require a client to interact with the end-user and to get content through a network, and these client devices cannot be as secure as the card itself.
So, although Java Card 3.0 definitely is Change we can believe in, we will once again have to wait for secure terminals to save the world.
No Comments