Results 1 to 6 of 6
  1.    #1  
    I work for a law firm and am very concerned that I do not jeopardize the security of our computer systems. I also have a Treo 600 and want to be able to use it to access my Outlook email.

    If I go through the IT guys in my firm, I'm almost certain that they will not support my use of BC Personal.

    I have 2 questions:

    1) If I set BC Personal on my workstation, do I run the risk of causing security issues with respect to my firm's systems?

    2) If I set up BC Personal on my workstation, will out IT dept know?

    Thanks.
  2. #2  
    Originally I had the same questions, and then both my IT director and me became very satisfied with what we learned about the security. We're very comfortable that there are no risks of someone accessing our network this way. To answer your other question, from what I can tell and have heard, your IT department won't know that you are running this (no more so than if you installed GoToMyPC or HotSync for that matter....)

    But I also don't think it's intended as an "end-run" around your IT department. In my case to be sure, I just talked to my IT guy, and gave him the attached PDF from the Sprint website. Pages 9 & 10 in particularly talk about security: http://www1.sprintpcs.com/media/Asse...res_13b08b.pdf

    Sprint also had a longer Security & Technical doc (like 25pp), but I don't see it on their site. I did save it though, so if you're interested I can email it to you -- just ping me with a private message to let me know.
  3. #3  
    Supposedly the information is encrypted the entire way between your desktop and your handheld with keys they generate together. The part that bothers me though, is when you long onto Sprint's BC website - there all your E-mails are. How are they able to appear on your BC page if they are encrypted the whole way between your desktop and the handheld? Can somebody hack into BC's server and see al your E-mails.

    You must be extra careful becuase attorney/client privlege can be waived in some jurisdictions if an E-mail in maliciously intercepted. Some jurisdictions say that once the privlege is lost it can never be restored. Some jurisdictions differentiate on the basis of whether the E-mail was encypted or not. Privlege is generally not lost when a cell phone conversation is intercepted. It is lost when a cordless phone is intercepted. It's a very murky area. The bottom line though, is that if anything is particularly sensitive DON'T ALLOW IT TO BE TRANSMITTED WIRELESSLY. No cases I have seen have specifically addressed inteception of WIRELESS E-mail. It all boils down to reasonable expectation of privacy though.
  4. #4  
    Messages moving between your desktop PC and your mobile device running the Biz Con client are encrypted with an end-to-end key which is not known by Sprint. In this case, Sprint acts as a blind relay for messages encrypted with a key that the Sprint servers don't have.

    When you log into the web interface, you are giving up the security of an end-to-end encrypted connection for the convenience of a web interface. A point-to-point encryption key is used to protect your data between Sprint's servers and your PC, which is separate and distinct from the end-to-end key used to deliver messages to/from your Treo. The info from your desktop is decrypted at the Sprint servers, rendered into HTML, and encrypted using SSL for delivery to your browser.

    If you are concerned about the confidentiality of your data, and want to take the most conservative approach possible, I would forego use of the web interface and only use the client software with end-to-end encryption.

    Hope this helps.

    -AG
  5. #5  
    That does help my understanding quite a bit. Thank you for the reply. The only follow up question I have then is, does your data remain on Sprint's server once you log out of the BC website? I certainly will make certain only to use the palm client in the future.
  6. #6  
    From what I understand, the data is never actually stored at Sprint's server, only held in memory long enough to serve it up as a webpage.

    -AG

Posting Permissions