Former White House Deputy Chief of Staff Joe Hagin is the guy who planned George W. Bush's secret trips to Iraq and Afghanistan and oversaw renovations to the Situation Room and press briefing room. He was also the one in charge of securing every BlackBerry used in the West Wing.
(See related: Sectera Edge: A BlackBerry Secure Enough For Obama?)
And so it's of little surprise that everyone wants his opinion on President Obama's BlackBerry, the security of which has been the subject of often heated debate. [Read: Obama's BlackBerry is No Security Threat]
As deputy chief of staff, Hagin suffered his fair share of heartburn over the security of those devices, and ordered tight restrictions on how they could be used. He limited the functionality of the devices overseas, for example, and worried plenty about terrorists exploiting BlackBerry security holes.
In this Q&A, he opines on Obama's BlackBerry use and security measures every smart phone user should heed. [Read: 5 Ways to Secure Your BlackBerry]
Talk about some of the pros and cons of BlackBerry use in the West Wing from a security perspective. Joe Hagin: When we first got to the White House, there were no BlackBerries, there were no smart phones in the executive branch. The folks on Capitol Hill began using BlackBerry technology and it proliferated very rapidly up there. On Sept. 11, 2001, when we had so much trouble in the executive branch communicating during the emergency, when commercial phones and cell phones went down to a large extent because the system overloaded, there was a lot of difficulty at the White House because the President was in Florida, I was in New York City and everyone else was in Washington. With everyone spread so thinly, we had trouble figuring out who was OK, the status of things, and so on. In the weeks that followed, when talking to some of our friends on the hill, we found that they had stayed in pretty good touch through BlackBerry technology. We ultimately decided to proceed with a limited distribution of BlackBerries in the White House. It started with 50, turned to 200 and today I think almost everyone there is using one.
What were the security restrictions you established? Hagin: We banned classified material from any over-the-air device that was not encrypted and approved by various federal agencies. Both the sending and receiving party would have to have one of the secure devices. The problem facing the President is not much different from what business leaders face. The business leaders just aren't as aware of the risks. The way most people use these devices is with little awareness of the inherent risks and the ease with which they can be hacked and infected with malware. As smart phones become smarter and the functionality increases -- people in Japan now use them in lieu of a credit card at the point of sale, for example -- the opportunity for someone to have financial gain from hacking them only gets bigger. When we see that kind of functionality grow in the United States, security will simply have to be ramped up. Any company big or small that transmits sensitive information on these devices must understand the risks and the need for more robust security software to protect data on the devices.
There are of course some key differences between the business world and the White House, particularly when it comes to the Presidential Records Act. Can you describe some of that? Hagin: The White House faces a big legal challenge with these devices because of the Presidential Records Act. All communications on the devices have to be captured and made part of the official record. Then there's a political challenge over the ease with which the devices can be intercepted. Imagine if a presidential friend sends something controversial and it's intercepted, and then it goes public, the questions would come fast and furious. Then the president has to publically admonish his friend, disavow his friend, all those sorts of political games.
We know President Bush refrained from e-mail during his two terms, but did he ever lament on how he really wanted a BlackBerry? Or was he leery of the security straightaway? Hagin: Well, he was a prolific e-mailer as Texas governor and he really didn't want to give that up as President. But when faced with the barrage of briefings from White House lawyers and security personnel, he accepted the no e-mail creed. It's the same kind of pressure I'm sure President Obama has just gone through.
But Obama stood his ground and didn't give up his BlackBerry. Does that bother you at all? Hagin: I'm not privy to what they have done technologically, and I know there's speculation that it's a secure BlackBerry. But if that's the case all his friends have to be e-mailing him from equally secure BlackBerries. From what I see in the news it doesn't look like a secure BlackBerry, because the secure devices tend to be much thicker than the state-of-the-art variety. But it's hard to comment without being certain of what exactly they've put on his device to restrict and protect it. In terms of limiting the number of people who have the address, well, you know how hard it is to keep an e-mail address secret. And getting an e-mail from the President is a heady thing, so we'll see how long they can keep it secret.
You also worked for the first President Bush. I understand he's become quite the BlackBerry fan since leaving the White House. Hagin: (Laughing) That's true.
Does the Secret Service have the same security concerns over how an ex-president's smart phone is used? Hagin: They would be much less concerned about the data security issue and more concerned about the ability of someone to learn his location. My guess is that the GPS function on his BlackBerry is disabled. But he can e-mail a larger group of people. In fact, he has the largest group of friends I've ever seen and he e-mails constantly. He became a prolific e-mailer on the laptop and when the BlackBerry came along he got one. The security is a much different ballgame when you're a sitting president.
Now that Bush 43 has left office, do you think he'll get himself a BlackBerry? Hagin: I would imagine so. I haven't spoken to him, but I assume he'll quickly pick up on it.
Now that you've left the White House, you're trying to raise awareness in the private sector. Right. One thing the public at large has to be concerned about is what happens if you lose the thing. A lot of people don't even activate the password on these devices, and they're dangerous in the wrong hands without the proper security technology. It's really a matter of users taking advantage of that technology. These devices are very useful from a productivity standpoint. Seriously limiting what most people can do on them isn't really the right option. The key is to take the proper security precautions if you're using one.
This story, "Is West Wing BlackBerry Security Possible?" was originally published by CSO.