OTTAWA — The U.S. government has given Canadian-made software that lets federal agencies talk securely amongst themselves during an emergency—without mistakenly inviting a journalist to the conversation—its highest level of clearance for unclassified data in cloud-based services.

BlackBerry AtHoc, the crisis communications and incident response software developed by the erstwhile smartphone maker based in Waterloo, Ont., was already being used by more than 75 per cent of U.S. federal government agencies before it reached this milestone last month.

“It means that BlackBerry, as a Canadian company, has achieved the highest threshold of security for the U.S. government,” Ramon Pinero, vice-president of product and services at BlackBerry AtHoc, said in an interview with The Logic. “It permits BlackBerry to host solutions that contain data belonging to the U.S. federal [government],” he added. “That is no small task.”

Secure communications is one of BlackBerry’s three business divisions, accounting for just over half of the company’s US$534.9 million in revenue in its last fiscal year.

The security of government communications has been in the spotlight since The Atlantic revealed in March that senior national security officials in the administration of U.S. President Donald Trump were using Signal, an encrypted but open-source messaging platform, to share details of planned military strikes on Houthi targets in Yemen. Their use of the app became public knowledge because Jeffrey Goldberg, the magazine’s editor-in-chief, was accidentally added to the group chat.

The months-long and costly process with the U.S. government’s Federal Risk and Authorization Management Program (FedRAMP) required BlackBerry to prove—with documentation, interviews and physical inspections—its service complies with more than 400 federal security and privacy standards. The process is tough because the stakes are high. BlackBerry AtHoc, which has had a lower level of FedRAMP authorization since 2017, can now bid for contracts involving unclassified U.S. cloud-based data so crucial a breach or outage could cause catastrophic harm to organizations or individuals. The State Department, the Internal Revenue Service, Customs and Border Protection and even the Secret Service are among the agencies that have approved its use.

The U.S. government is using BlackBerry AtHoc domestically, but Pinero said the service, also used by Canada’s federal government, as well as businesses, can facilitate intelligence-sharing between both countries. That can mean communicating about the cross-border movement of illegal drugs and migrants, but also when co-operating on the response to wildfires and other natural disasters. The software will also be used for communications when Canada hosts the G7 Leaders’ Summit in Kananaskis, Alta., next month. Every government in the G7 uses it too.

Prateek Sureka, executive vice-president of government relations and strategy at Technation, a technology industry association based in Mississauga, Ont., considers the authorization a victory for both BlackBerry and its country of origin. “It really affirms that Canada is viewed as a credible, high-trusted partner in delivering secure digital infrastructure, especially in the areas tied to national security and critical systems,” he said. “I cannot underline that enough to show that despite the political slugfest that we see these days, this is still a huge win.”

David Shipley, CEO of Beauceron Security, a cybersecurity firm based in Fredericton, N.B., said it is not surprising that BlackBerry would clear this hurdle, given its mobile device was ubiquitous on Capitol Hill in the first decade of this century before the U.S. government started switching to the iPhone in 2012. “They had built a fundamentally very solid reputation for reliability, for security, for all these other things, so this is like building on that legacy,” he said. At the same time, he argued, meeting FedRAMP standards can become a “barrier to innovation,” given the cost to get there and the need to maintain compliance thereafter. “This is a process that helps give government assurances, but also fundamentally alters the innovation game,” he said.

The availability of such tools—and the stringent criteria to get their foot in the door—does raise questions about why senior Trump administration officials, including Vice-President JD Vance, were using Signal.

Pinero blames it on the “consumerization of government.” He also said, for the record, that BlackBerry AtHoc would have not allowed such a thing to happen. “The system is not an open network, so you could not add a journalist to the chat,” he said.

Shipley, whose firm specializes in the human behaviour side of cybersecurity, said he thinks the mishap with Signal happened because “decision-makers within an organization want to use tools that are convenient.” Ironically, it was a viral internet meme featuring photos of then-Secretary of State Hillary Clinton checking her BlackBerry device in 2011 that prompted the State Department to ask whether she was using a personal email account for government-related communications. That controversy dogged her when she was the Democratic nominee in the 2016 presidential election, which she lost to Trump.