BlackBerry 10 suffers security approval setback by UK gov't

UPDATED: Despite a strong hold of the worldwide public sector market, the UK government doesn't believe the latest BlackBerry 10 software is safe enough for secure communications. For now, the only modern day smartphone capable of government use in the UK is the iPhone.
Written by Zack Whittaker, Contributor

Updated at 11:20 a.m. ET: see below.

BlackBerry 10 software fails to meet the UK government's strict security requirements for confidential data sharing, while Apple's iPhone and iPad have. (Credit: Josh Miller/CNET)

The UK government may have deemed BlackBerry 10 not as secure as previous iterations of the smartphone platform. 

It comes at a time when the Canadian smartphone maker is attempting to claw back vital market share in order to compete with rival smartphone makers, while at the same time aggressively targeting the enterprise and government market with its BlackBerry branding.

First reported by The Guardian, the UK government's electronics clearance unit the Communications-Electronics Security Group (CESG) — a division of the third domestic eavesdropping agency, the Government Communications Headquarters (GCHQ) — said the software is incapable of meeting the strict security requirements for UK government work.

The Guardian reports that the CESG determined that BlackBerry Balance, the software that is designed to separate work and personal lives on the device, failed to pass the security requirements set out by the spy agency's sister group. The software is designed to prevent the sharing of data between work accounts and personal accounts, but at this time it's not clear what exactly failed the strict tests carried out by the UK government department.

BlackBerry (formerly Research in Motion) confirmed that its BlackBerry 10 software — and therefore the BlackBerry Z10 touch-only device — is not yet deemed fit for UK government use for low-level secure communications between staff and other Whitehall departments.

However, BlackBerry 7.0 and 7.1 retain their clearance statuses for dealing with sensitive government material, deemed "restricted" or below, two levels below "secret."

As it stands, the only viable modern day contender to take on BlackBerry 7 versions is the iPhone and iPad, which received CESG clearance for "restricted" content late last year. Some previously published guidance on Windows Phone and Symbian platforms exist, but both have been let go by Microsoft and Nokia respectively in favor of newer platforms.

There is a twist to the tale, however: the US government granted BlackBerry 10 the highly sought after FIPS 140-2 certification for secure public sector communication — showing that the UK and US, in spite of their special diplomatic and political relationship, do not see eye to eye on data security.

Exactly how this will affect other European nations remains unclear. In spite of intelligence sharing agreements between various EU countries — such as the UK with Germany and France — it could leave other EU nation states questioning their own purchases.

Germany, for instance, recently bought 5,000 BlackBerry Z10 devicesfor civil servant and staff use. Though the devices will be fitted with Secusmart micro-SD card technology to bolster the device and the platform as a whole, because BlackBerry Balance is an inherent feature in BlackBerry Enterprise Service-enabled devices, it may not negate the potential security threat noted by the UK government agency. 

The knock-on effect could be catastrophic for BlackBerry, which generates tens of millions in revenue in long-term enterprise and government contracts. One of the biggest clients in the UK is Whitehall and Westminster, home of the UK government.

BlackBerry did not give a timeline in which the software may be put through its paces again by the UK spin-off spy agency in order to see its BlackBerry 10 devices hit the public sector.

Update: A spokesperson for CESG told ZDNet in an emailed statement

Discussions with BlackBerry are ongoing about the use of the BlackBerry 10 platform in government. We have not yet performed an evaluation of the security of that platform, but we expect to be issuing Platform Guidance in the summer. This will cover a number of platforms including Blackberry 10 (and the use of 'Balance').

We have a long standing security partnership with BlackBerry and this gives us confidence that the BlackBerry 10 platform is likely to represent a viable solution for UK Government."

A statement from BlackBerry said:

Media reports alleging that BlackBerry 10 has been 'rejected' for U.K. government use are both false and misleading. BlackBerry has a long-established relationship with CESG and we remain the only mobile solution approved for use at 'Restricted' when configured in accordance with CESG guidelines.

This level of approval only comes following a process which is rigorous and absolutely necessary given the highly confidential nature of the communications being transmitted. The current re-structuring of this approval process, due to the Government Protective Marking Scheme review and the new CESG Commercial Product Assurance scheme has an impact on the timeline for BlackBerry 10 to receive a similar level of approval.

Editorial standards