When I spoke to former White House Deputy Chief of Staff Joe Hagin about the president's BlackBerry and the security issues it raised, he stressed that information classified in the government system as confidential, top secret, secret, classified or sensitive compartmentalized can only be transmitted or received via devices that are specifically approved for such information. What the White House and the security agencies were more concerned about, he said, is sensitive but unclassified information. He couldn't speak to what the Obama Administration would specifically require, but he confirmed that each administration has discretion.
For sensitive but unclassified information, there are security and encryption requirements, like OMB Memorandum 06-16, the Federal Information Management Security Act (FISMA) and National Institute of Standards and Technology (NIST) requirements. But they apply to more than just information transmitted by smartphone. What if, for instance, a federal agency needs to transcribe a hearing or a phone conversation?
According to LegaLock:
Government agencies, corporations, and private law firms engaged in federal litigation require commercial transcribers to process SBU data on government-owned computers to ensure full federal compliance. However, this results in longer processing times, increased expenses, and a lack of transcribers willing to work in an environment other than their own. Ultimately, and unfortunately, this forces many government agencies to select convenience over compliance by simply allowing transcribers to process SBU materials on home computers and over the open Internet.
That's why the new secure transcription service provider has established the first system authorized to process such sensitive government data while complying with all the federal encryption and transmission requirements. The company Web site declares that its security procedures "surpass even the highest government and industry standards to ensure peace-of-mind that client data cannot be lost, stolen, or compromised."
The company's founder is the former security programs director for the U.S. Department of Justice Office of the Inspector General. As such, he has experience with national security, emergency preparedness and contingency planning, and he was also involved in creating the DOJ's new "framework for safeguarding" sensitive information.
It's a service worth checking out, and I would imagine similar efforts in other industries will begin to pop up as well. Perhaps health information will be next?