Security Excuses are on the Rocks

By Peter Coffee  |  Posted 2002-03-25 Print this article Print

This week, we honor Jim Balsillie, chairman and CEO of Research In Motion, who commented earlier this month on the intrinsic insecurity of Internet traffic—and why it's not his company's fault that people don't understand it.

Welcome to "stupid customers," the saga of IT vendors ongoing attempts to blame the victim. This week, we honor Jim Balsillie, chairman and CEO of Research In Motion, who commented earlier this month on the intrinsic insecurity of Internet traffic—and why its not his companys fault that people dont understand it.

Balsillie was asked about an attack discovered by @Stake that enabled researchers to read wireless messages intended for a user of the Internet Edition of RIMs popular BlackBerry device. He huffed and he puffed and he blew the question down, saying, "Internet traffic isnt supposed to be secure. ... Its kind of like a company making beer and cola and someone saying that theres alcohol in the companys drinks, when the children are drinking cola."

Well, no, its really not like that, and IT executives need to understand why thats a deeply flawed analogy.

First comes the matter of labeling. Alcoholic beverages are labeled and sold in a manner that leaves no doubt as to what youre getting, with full disclosure of the harm that it can do: birth defects, impairment of driving ability and long-term health problems.

Even my Nokia phone displays the warning "Voice privacy not active" for the duration of my call unless link security is in effect. Thats far more forceful than RIMs approach of warning by omission, with RIM executives saying that security was never promised or that the Mobitex specification makes it all clear.

Second comes the matter of expectation. Beer ads dont show Boy Scouts drinking the product—but we see the RIM advertisements in in-flight magazines and elsewhere, and they dont show people relying on their BlackBerry units for updates on their local coffee shops waiting times. The RIM ads all suggest that these devices will warn you of crucial business developments, such as changes to a proposed contract or other urgent matters. Dont such important purposes call for secure message platforms?

Alcohol labels and advertising rules arent voluntary. Would IT vendors like to have legislators do the same for them?

Report your pink elephant sightings to

Peter Coffee is Director of Platform Research at, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel