RIM Works Out Deal In Saudi Arabia, Causing Many To Wonder If They Can Trust Their BlackBerry

from the well,-you-never-could-before... dept

With last week's news that the United Arab Emirates and Saudi Arabia were going to block access for BlackBerry users over the inability to spy on RIM's servers, the news over the weekend that Saudi Arabia is testing three local servers that would alleviate the need for a ban has many wondering how secure their BlackBerry communications really are.

Of course, the more pertinent question may be how secure BlackBerry communications have ever been. One of the big complaints from the UAE and Saudi Arabia (and others) is that they believe RIM already lets certain governments access content flowing across their network. And, of course, no one seems willing to come out with a straight answer one way or the other on whether or not that's an accurate statement. However, as the NY Times article above makes clear, whether or not governments really do have access to RIM's network probably isn't as meaningful as some believe, since there are multiple different potential points of access for anyone wishing to monitor messages. About the only thing that is clear is that if you're communicating online, it's probably best to assume that, sooner or later, someone other than the intended recipients will probably see it.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Lawrence D'Oliveiro, Aug 9th, 2010 @ 3:03am

    Mass Surveillance = Mass Distraction

    If governments like India, Saudi and Emirates want to do indiscriminate eavesdropping on their citizens, never mind the privacy concerns, they’re doing security wrong. They’re setting themselves up to try to drink from a firehose of data that will be impossible to use to discern any useful patterns.

    This is the problem that Western agencies had with the Underwear Bomber. They couldn’t “connect the dots”, because they had collected too many dots. Stick to targeted policing based on specific information received, and you’ll have a much better success rate.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    BearGriz72 (profile), Aug 9th, 2010 @ 3:14am

    Said it before and I will say it again...

    Never Depend Solely on Somebody Else for Your Security, there are many tools that can be used on almost any platform. I use TrueCrypt, PGP, & TOR for various purposes. Depending on the circumstances even ROT-5/13/18/47 can be useful (especially when combined with other tools), there are even "Online Encryption Tools" that can be used cross platform.

    Now as others have pointed out "You are depending on the crypto people who designed and wrote the proofs for the algorithms you are using" but if you are using/layering multiple methods and not depending on a single service/tool it greatly reduces the chances of any one person being able to crack it.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      cc (profile), Aug 9th, 2010 @ 3:29am

      Re: Said it before and I will say it again...

      This pretty much sums up my take on the subject.

      I'll add that the algorithms are usually pretty safe in themselves since they aren't too hard to analyse rigorously -- as long as no-one cracks them, that is.

      It's the implementation that may lack in many instances, which can contain bugs and sometimes even backdoors that are usually much easier to exploit than weaknesses in the encryption scheme.

      I guess the best option is to use open source tools whose code is available so we can check for ourselves it doesn't contain any "proprietary magic" compiled into the executables.

      But, yes: layering trumps all.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      lfroen (profile), Aug 9th, 2010 @ 3:44am

      Re: Said it before and I will say it again...

      Here's another novel concept for you: keep your mouth shut. People like you are ridiculous, they for some reason think that if some stuff is encrypted in $algorithm, government can't read it. Wrong.
      You see, genius, wast amount of population does not encrypt their messages. It doesn't matter whether it's good thing or not. It is a fact. So, your "secured" PGP'ed talk is very distinct. It's like writing "I have stuff to hide" on your back.
      Another fact of life for you: when some man-in-black will come to ask you "a few questions" you can't say "I won't tell you". You will tell. That's why those 3-letter agencies exists - make people talk. Right-to-remain-silent you say? Yea, right.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        abc gum, Aug 9th, 2010 @ 4:21am

        Re: Re: Said it before and I will say it again...

        Wow.
        How did you get out?

         

        reply to this | link to this | view in chronology ]

      •  
        icon
        Chronno S. Trigger (profile), Aug 9th, 2010 @ 4:57am

        Re: Re: Said it before and I will say it again...

        That' a really good example of encryption in your writing, I couldn't understand a word you said.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          interval (profile), Aug 9th, 2010 @ 8:18am

          Re: Re: Re: Said it before and I will say it again...

          @Chronno: "I couldn't understand a word you said."

          I'm with you. And again I say "Wtf??"

           

          reply to this | link to this | view in chronology ]

      •  
        icon
        BearGriz72 (profile), Aug 9th, 2010 @ 5:22am

        Re: Re: Said it before and I will say it again...

        There are so many ways I could address this, most of them rude. So I will simply say RTFM, anybody who uses those tools properly has already addressed those issues, including duress.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          lfroen (profile), Aug 9th, 2010 @ 6:23am

          Re: Re: Re: Said it before and I will say it again...

          No, you will say "here is encryption keys" and "I have used this-and-that encryption software".

          When you meet people that _really_ want your email - your game is up, no matter whether it was real conspiracy or home porno.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            abc gum, Aug 9th, 2010 @ 5:51pm

            Re: Re: Re: Re: Said it before and I will say it again...

            "No, you will say "here is encryption keys" and "I have used this-and-that encryption software"."

            After waterboarding?

            "When you meet people that _really_ want your email - your game is up, no matter whether it was real conspiracy or home porno."

            ... and then you are stoned to death - woohoo

             

            reply to this | link to this | view in chronology ]

      •  
        icon
        Berenerd (profile), Aug 9th, 2010 @ 5:31am

        Re: Re: Said it before and I will say it again...

        Who pissed in your government issued cheerios this morning?

        I work for a company that encrypts *ALL* its email no matter what it is. I encrypt my email at home just out of habit. Just because the majority does it does not mean its because they have nothing to hide. I have seen my roommates email passwords to people for their ebay accounts and such. if I were them I would encrypt that. You are just being Mr. Tinfoil Hatt today.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          lfroen (profile), Aug 9th, 2010 @ 6:19am

          Re: Re: Re: Said it before and I will say it again...

          >> Just because the majority does it does not mean its because they have nothing to hide

          Yes it does. Tell, me mister privacy, why don't you encrypt your phone calls? Government can listen to them! Ah, I see - you rely on wiretapping laws to protect you. And with email it somehow different?
          You can play with your toys all day long, nobody really want to read your email - (skip gmail robots). And when "people" will need your mail - you will give them encryption keys.

           

          reply to this | link to this | view in chronology ]

      •  
        identicon
        Bastiat's Ghost, Aug 9th, 2010 @ 5:33am

        Re: Re: Said it before and I will say it again...

        If everyone thought like you, Ifroen, then America would still be a colony of the British Empire. Hell, India and Pakistan would still be colonies of the British Empire, too.

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          lfroen (profile), Aug 9th, 2010 @ 6:09am

          Re: Re: Re: Said it before and I will say it again...

          Uh - no. Irrelevant issue. IIRC colonists stated their demands publicly, than waged propaganda _and_ war. Conspiracy is only small part it.
          Back to original question: just pass (really) confidential info personally. Or by mail (you know, one with envelope). Those kind of communication is match harder to intercept without being noticed.

           

          reply to this | link to this | view in chronology ]

          •  
            identicon
            Anonymous Coward, Aug 9th, 2010 @ 6:16am

            Re: Re: Re: Re: Said it before and I will say it again...

            Or use strong encryption and covert ways the most effective one being steganography.


            "just pass (really) confidential info personally"

            Well I like to see a company issuing new passwords to its offshore workers in person once a week, or people trying to contact relatives out of state to send them something private.

            I don't think you live in the real world.

             

            reply to this | link to this | view in chronology ]

          •  
            icon
            nasch (profile), Aug 9th, 2010 @ 11:01am

            Re: Re: Re: Re: Said it before and I will say it again...

            Those kind of communication is match harder to intercept without being noticed.

            I thought the problem was men in black helicopters coming to your house to beat the password out of you. That's not exactly hard to notice.

             

            reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 9th, 2010 @ 4:27am

    Everyone seems to forget too, that it's incredibly easy for *anyone* to encrypt messages from their computer or smartphone anyway.
    No need for a fuss over BB.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      interval (profile), Aug 9th, 2010 @ 8:21am

      Re:

      That's what I'm talking about. Why the big fuss? Lots of 3rd party apps that one can install, and some come with a deniability portion as well (meaning its not obvious to a casual 2nd party that the app is installed or even active.)

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    AJB, Aug 9th, 2010 @ 5:46am

    Privacy

    You send information on a public network over public airwaves and expect privacy??? How naive can you be. There is no guarantee of privacy in any communication medium. Even the encryption programs that A. Coward mentions have back-doors built in and are regularly breached.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 9th, 2010 @ 6:32am

    It's OK if they spy. We will just write an app to secure our conversations and text. Encrypted phone calls to avoid government ears. Absolutely!! Spy on me and I will hide from you. Sounds like good public relations. Once again we love and trust our governments! NOT.
    We will write an app that will say one thing while encrypting the real conversation. That way the censors (polite word) will get to hear something and we get freedom.
    Monitoring all of our phone and text messages just slows down an already extremely overloaded network.
    How many terrorists have they actually caught from monitoring our calls. When you look in someone else's window you are called a creep, a peeping tom, a voyeur and lots of other nasty names and you can go to jail.
    How come governments can do the same thing but worse by listening to our private phone calls? I call them creeps of the highest order.
    So I have to restrict myself to landlines only. At least they have to put an actual order to monitor landlines but cell traffic is wide open to all of the hundreds of security agencies monitoring your life.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This