Blackberry receives Common Criteria certification

Blackberry has been awarded the EAL2+ Common Criteria certification. Blackberry vendor Research in Motion (RIM) says that the Blackberry Enterprise Server and the Blackberry software used on end devices are the first mobile platform to be validated by Common Criteria. Certification was announced at the 8th International Common Criteria Conference in Rome. EAL Certification is generally a requirement for a product to be used in security fields of governmental agencies or organizations in the finance and health sectors.

However, the security of the system has been a subject of considerable concern in Europe including France, and particularly in Germany because the route servers that handle European traffic are in London and therefore theoretically accessible to foreign secret services. There, Blackberry's unsecure architecture is reckoned to make it unsuitable for use in security-sensitive areas of public administration and in companies vulnerable to economic espionage. However many now feel that these concerns are unfounded because encryption is used between Blackberry end devices, and only users and customers have the keys.

In addition to Common Criteria certification, Blackberry has also been approved for Great Britain's CAPS Program. Furthermore, the encryption module has been FIPS-140 validated. Finally, NATO and the British government have approved a solution for wireless data transmission under the classification "NATO Restricted", which, despite the impression it gives of protected status in the vernacular, is the lowest possible level of protected status.

See also:

• No more BlackBerrys for the French government, report by heise Security
• Fraunhofer SIT presents initial results of their BlackBerry study, report by heise Security

(mba)