RIM Works Out Deal In Saudi Arabia, Causing Many To Wonder If They Can Trust Their BlackBerry
from the well,-you-never-could-before... dept
With last week’s news that the United Arab Emirates and Saudi Arabia were going to block access for BlackBerry users over the inability to spy on RIM’s servers, the news over the weekend that Saudi Arabia is testing three local servers that would alleviate the need for a ban has many wondering how secure their BlackBerry communications really are.
Of course, the more pertinent question may be how secure BlackBerry communications have ever been. One of the big complaints from the UAE and Saudi Arabia (and others) is that they believe RIM already lets certain governments access content flowing across their network. And, of course, no one seems willing to come out with a straight answer one way or the other on whether or not that’s an accurate statement. However, as the NY Times article above makes clear, whether or not governments really do have access to RIM’s network probably isn’t as meaningful as some believe, since there are multiple different potential points of access for anyone wishing to monitor messages. About the only thing that is clear is that if you’re communicating online, it’s probably best to assume that, sooner or later, someone other than the intended recipients will probably see it.
Filed Under: blackberries, email, privacy, saudi arabia
Companies: rim
Comments on “RIM Works Out Deal In Saudi Arabia, Causing Many To Wonder If They Can Trust Their BlackBerry”
Mass Surveillance = Mass Distraction
If governments like India, Saudi and Emirates want to do indiscriminate eavesdropping on their citizens, never mind the privacy concerns, they’re doing security wrong. They’re setting themselves up to try to drink from a firehose of data that will be impossible to use to discern any useful patterns.
This is the problem that Western agencies had with the Underwear Bomber. They couldn’t “connect the dots”, because they had collected too many dots. Stick to targeted policing based on specific information received, and you’ll have a much better success rate.
Said it before and I will say it again...
Never Depend Solely on Somebody Else for Your Security, there are many tools that can be used on almost any platform. I use TrueCrypt, PGP, & TOR for various purposes. Depending on the circumstances even ROT-5/13/18/47 can be useful (especially when combined with other tools), there are even “Online Encryption Tools” that can be used cross platform.
Now as others have pointed out “You are depending on the crypto people who designed and wrote the proofs for the algorithms you are using” but if you are using/layering multiple methods and not depending on a single service/tool it greatly reduces the chances of any one person being able to crack it.
Re: Said it before and I will say it again...
This pretty much sums up my take on the subject.
I’ll add that the algorithms are usually pretty safe in themselves since they aren’t too hard to analyse rigorously — as long as no-one cracks them, that is.
It’s the implementation that may lack in many instances, which can contain bugs and sometimes even backdoors that are usually much easier to exploit than weaknesses in the encryption scheme.
I guess the best option is to use open source tools whose code is available so we can check for ourselves it doesn’t contain any “proprietary magic” compiled into the executables.
But, yes: layering trumps all.
Re: Said it before and I will say it again...
Here’s another novel concept for you: keep your mouth shut. People like you are ridiculous, they for some reason think that if some stuff is encrypted in $algorithm, government can’t read it. Wrong.
You see, genius, wast amount of population does not encrypt their messages. It doesn’t matter whether it’s good thing or not. It is a fact. So, your “secured” PGP’ed talk is very distinct. It’s like writing “I have stuff to hide” on your back.
Another fact of life for you: when some man-in-black will come to ask you “a few questions” you can’t say “I won’t tell you”. You will tell. That’s why those 3-letter agencies exists – make people talk. Right-to-remain-silent you say? Yea, right.
Re: Re: Said it before and I will say it again...
Wow.
How did you get out?
Re: Re: Said it before and I will say it again...
That’ a really good example of encryption in your writing, I couldn’t understand a word you said.
Re: Re: Re: Said it before and I will say it again...
@Chronno: “I couldn’t understand a word you said.”
I’m with you. And again I say “Wtf??”
Re: Re: Said it before and I will say it again...
There are so many ways I could address this, most of them rude. So I will simply say RTFM, anybody who uses those tools properly has already addressed those issues, including duress.
Re: Re: Re: Said it before and I will say it again...
No, you will say “here is encryption keys” and “I have used this-and-that encryption software”.
When you meet people that _really_ want your email – your game is up, no matter whether it was real conspiracy or home porno.
Re: Re: Re:2 Said it before and I will say it again...
“No, you will say “here is encryption keys” and “I have used this-and-that encryption software”.”
After waterboarding?
“When you meet people that _really_ want your email – your game is up, no matter whether it was real conspiracy or home porno.”
… and then you are stoned to death – woohoo
Re: Re: Said it before and I will say it again...
Who pissed in your government issued cheerios this morning?
I work for a company that encrypts *ALL* its email no matter what it is. I encrypt my email at home just out of habit. Just because the majority does it does not mean its because they have nothing to hide. I have seen my roommates email passwords to people for their ebay accounts and such. if I were them I would encrypt that. You are just being Mr. Tinfoil Hatt today.
Re: Re: Re: Said it before and I will say it again...
>> Just because the majority does it does not mean its because they have nothing to hide
Yes it does. Tell, me mister privacy, why don’t you encrypt your phone calls? Government can listen to them! Ah, I see – you rely on wiretapping laws to protect you. And with email it somehow different?
You can play with your toys all day long, nobody really want to read your email – (skip gmail robots). And when “people” will need your mail – you will give them encryption keys.
Re: Re: Said it before and I will say it again...
If everyone thought like you, Ifroen, then America would still be a colony of the British Empire. Hell, India and Pakistan would still be colonies of the British Empire, too.
Re: Re: Re: Said it before and I will say it again...
Uh – no. Irrelevant issue. IIRC colonists stated their demands publicly, than waged propaganda _and_ war. Conspiracy is only small part it.
Back to original question: just pass (really) confidential info personally. Or by mail (you know, one with envelope). Those kind of communication is match harder to intercept without being noticed.
Re: Re: Re:2 Said it before and I will say it again...
Or use strong encryption and covert ways the most effective one being steganography.
“just pass (really) confidential info personally”
Well I like to see a company issuing new passwords to its offshore workers in person once a week, or people trying to contact relatives out of state to send them something private.
I don’t think you live in the real world.
Re: Re: Re:2 Said it before and I will say it again...
Those kind of communication is match harder to intercept without being noticed.
I thought the problem was men in black helicopters coming to your house to beat the password out of you. That’s not exactly hard to notice.
Everyone seems to forget too, that it’s incredibly easy for *anyone* to encrypt messages from their computer or smartphone anyway.
No need for a fuss over BB.
Re: Re:
That’s what I’m talking about. Why the big fuss? Lots of 3rd party apps that one can install, and some come with a deniability portion as well (meaning its not obvious to a casual 2nd party that the app is installed or even active.)
Privacy
You send information on a public network over public airwaves and expect privacy??? How naive can you be. There is no guarantee of privacy in any communication medium. Even the encryption programs that A. Coward mentions have back-doors built in and are regularly breached.
Re: Privacy
Citation needed.
It’s OK if they spy. We will just write an app to secure our conversations and text. Encrypted phone calls to avoid government ears. Absolutely!! Spy on me and I will hide from you. Sounds like good public relations. Once again we love and trust our governments! NOT.
We will write an app that will say one thing while encrypting the real conversation. That way the censors (polite word) will get to hear something and we get freedom.
Monitoring all of our phone and text messages just slows down an already extremely overloaded network.
How many terrorists have they actually caught from monitoring our calls. When you look in someone else’s window you are called a creep, a peeping tom, a voyeur and lots of other nasty names and you can go to jail.
How come governments can do the same thing but worse by listening to our private phone calls? I call them creeps of the highest order.
So I have to restrict myself to landlines only. At least they have to put an actual order to monitor landlines but cell traffic is wide open to all of the hundreds of security agencies monitoring your life.