My heart sank when I first saw Al Gore pull out his BlackBerry. It was in the waning weeks of the 2000 presidential campaign, and 
there he was on the TV, tapping away on his then-novel converged device. Though I had no evidence, I was positive that whatever he was reading had already been perused by some conservative skunk works, with his responses scrutinized not long after. Given recent revelations about the opposition’s ethics and panting obsession with domestic spying, I still suspect that any eavesdropping technically possible at the time was probably being done.
So imagine my dismay when I saw Sen. Barack Obama pulling a BlackBerry from his coat pocket shortly after announcing his candidacy for president. Like many others addicted to their converged devices (Sen. John McCain was apparently indulging during the last State of the Union speech, not sleeping), he’s become a constant user, and he now uses it to manage a large portion of his communications. While I hope these politicians have IT staffers paying attention to this sort of thing, more often than not, a series of underinformed security and privacy assumptions are made shortly before sensitive information starts flowing.
Many common assumptions about the security and privacy of smart phones or other handheld converged devices are off-base or just flat-out wrong. For any high-value target — whether that’s a political candidate or an organization with valuable financial or personal data — a little more thought ought to go into the process of selecting and deploying any device handling important data. It makes sense then to challenge the more widespread assumptions and consider how to handle oft-ignored risks.
Ten dangerous claims about smart phone security