RIM Works Out Deal In Saudi Arabia, Causing Many To Wonder If They Can Trust Their BlackBerry

from the well,-you-never-could-before... dept

Mon, Aug 9th 2010 2:14am — Mike Masnick

With last week's news that the United Arab Emirates and Saudi Arabia were going to block access for BlackBerry users over the inability to spy on RIM's servers, the news over the weekend that Saudi Arabia is testing three local servers that would alleviate the need for a ban has many wondering how secure their BlackBerry communications really are.

Of course, the more pertinent question may be how secure BlackBerry communications have ever been. One of the big complaints from the UAE and Saudi Arabia (and others) is that they believe RIM already lets certain governments access content flowing across their network. And, of course, no one seems willing to come out with a straight answer one way or the other on whether or not that's an accurate statement. However, as the NY Times article above makes clear, whether or not governments really do have access to RIM's network probably isn't as meaningful as some believe, since there are multiple different potential points of access for anyone wishing to monitor messages. About the only thing that is clear is that if you're communicating online, it's probably best to assume that, sooner or later, someone other than the intended recipients will probably see it.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: blackberries, email, privacy, saudi arabia
Companies: rim

21 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Lawrence D'Oliveiro, 9 Aug 2010 @ 3:03am

Mass Surveillance = Mass Distraction
If governments like India, Saudi and Emirates want to do indiscriminate eavesdropping on their citizens, never mind the privacy concerns, they’re doing security wrong. They’re setting themselves up to try to drink from a firehose of data that will be impossible to use to discern any useful patterns.

This is the problem that Western agencies had with the Underwear Bomber. They couldn’t “connect the dots”, because they had collected too many dots. Stick to targeted policing based on specific information received, and you’ll have a much better success rate.
[ link to this | view in thread ]
BearGriz72 (profile), 9 Aug 2010 @ 3:14am

Said it before and I will say it again...
Never Depend Solely on Somebody Else for Your Security, there are many tools that can be used on almost any platform. I use TrueCrypt, PGP, & TOR for various purposes. Depending on the circumstances even ROT-5/13/18/47 can be useful (especially when combined with other tools), there are even "Online Encryption Tools" that can be used cross platform.

Now as others have pointed out "You are depending on the crypto people who designed and wrote the proofs for the algorithms you are using" but if you are using/layering multiple methods and not depending on a single service/tool it greatly reduces the chances of any one person being able to crack it.
[ link to this | view in thread ]
cc (profile), 9 Aug 2010 @ 3:29am

Re: Said it before and I will say it again...
This pretty much sums up my take on the subject.

I'll add that the algorithms are usually pretty safe in themselves since they aren't too hard to analyse rigorously -- as long as no-one cracks them, that is.

It's the implementation that may lack in many instances, which can contain bugs and sometimes even backdoors that are usually much easier to exploit than weaknesses in the encryption scheme.

I guess the best option is to use open source tools whose code is available so we can check for ourselves it doesn't contain any "proprietary magic" compiled into the executables.

But, yes: layering trumps all.
[ link to this | view in thread ]
lfroen (profile), 9 Aug 2010 @ 3:44am

Re: Said it before and I will say it again...
Here's another novel concept for you: keep your mouth shut. People like you are ridiculous, they for some reason think that if some stuff is encrypted in $algorithm, government can't read it. Wrong.
You see, genius, wast amount of population does not encrypt their messages. It doesn't matter whether it's good thing or not. It is a fact. So, your "secured" PGP'ed talk is very distinct. It's like writing "I have stuff to hide" on your back.
Another fact of life for you: when some man-in-black will come to ask you "a few questions" you can't say "I won't tell you". You will tell. That's why those 3-letter agencies exists - make people talk. Right-to-remain-silent you say? Yea, right.
[ link to this | view in thread ]
abc gum, 9 Aug 2010 @ 4:21am

Re: Re: Said it before and I will say it again...
Wow.
How did you get out?
[ link to this | view in thread ]
Anonymous Coward, 9 Aug 2010 @ 4:27am

Everyone seems to forget too, that it's incredibly easy for *anyone* to encrypt messages from their computer or smartphone anyway.
No need for a fuss over BB.
[ link to this | view in thread ]
Chronno S. Trigger (profile), 9 Aug 2010 @ 4:57am

Re: Re: Said it before and I will say it again...
That' a really good example of encryption in your writing, I couldn't understand a word you said.
[ link to this | view in thread ]
BearGriz72 (profile), 9 Aug 2010 @ 5:22am

Re: Re: Said it before and I will say it again...
There are so many ways I could address this, most of them rude. So I will simply say RTFM, anybody who uses those tools properly has already addressed those issues, including duress.
[ link to this | view in thread ]
Berenerd (profile), 9 Aug 2010 @ 5:31am

Re: Re: Said it before and I will say it again...
Who pissed in your government issued cheerios this morning?

I work for a company that encrypts *ALL* its email no matter what it is. I encrypt my email at home just out of habit. Just because the majority does it does not mean its because they have nothing to hide. I have seen my roommates email passwords to people for their ebay accounts and such. if I were them I would encrypt that. You are just being Mr. Tinfoil Hatt today.
[ link to this | view in thread ]
Bastiat's Ghost, 9 Aug 2010 @ 5:33am

Re: Re: Said it before and I will say it again...
If everyone thought like you, Ifroen, then America would still be a colony of the British Empire. Hell, India and Pakistan would still be colonies of the British Empire, too.
[ link to this | view in thread ]
AJB, 9 Aug 2010 @ 5:46am

Privacy
You send information on a public network over public airwaves and expect privacy??? How naive can you be. There is no guarantee of privacy in any communication medium. Even the encryption programs that A. Coward mentions have back-doors built in and are regularly breached.
[ link to this | view in thread ]
lfroen (profile), 9 Aug 2010 @ 6:09am

Re: Re: Re: Said it before and I will say it again...
Uh - no. Irrelevant issue. IIRC colonists stated their demands publicly, than waged propaganda _and_ war. Conspiracy is only small part it.
Back to original question: just pass (really) confidential info personally. Or by mail (you know, one with envelope). Those kind of communication is match harder to intercept without being noticed.
[ link to this | view in thread ]
Anonymous Coward, 9 Aug 2010 @ 6:16am

Re: Re: Re: Re: Said it before and I will say it again...
Or use strong encryption and covert ways the most effective one being steganography.

"just pass (really) confidential info personally"

Well I like to see a company issuing new passwords to its offshore workers in person once a week, or people trying to contact relatives out of state to send them something private.

I don't think you live in the real world.
[ link to this | view in thread ]
lfroen (profile), 9 Aug 2010 @ 6:19am

Re: Re: Re: Said it before and I will say it again...
>> Just because the majority does it does not mean its because they have nothing to hide

Yes it does. Tell, me mister privacy, why don't you encrypt your phone calls? Government can listen to them! Ah, I see - you rely on wiretapping laws to protect you. And with email it somehow different?
You can play with your toys all day long, nobody really want to read your email - (skip gmail robots). And when "people" will need your mail - you will give them encryption keys.
[ link to this | view in thread ]
lfroen (profile), 9 Aug 2010 @ 6:23am

Re: Re: Re: Said it before and I will say it again...
No, you will say "here is encryption keys" and "I have used this-and-that encryption software".

When you meet people that _really_ want your email - your game is up, no matter whether it was real conspiracy or home porno.
[ link to this | view in thread ]
Anonymous Coward, 9 Aug 2010 @ 6:32am

It's OK if they spy. We will just write an app to secure our conversations and text. Encrypted phone calls to avoid government ears. Absolutely!! Spy on me and I will hide from you. Sounds like good public relations. Once again we love and trust our governments! NOT.
We will write an app that will say one thing while encrypting the real conversation. That way the censors (polite word) will get to hear something and we get freedom.
Monitoring all of our phone and text messages just slows down an already extremely overloaded network.
How many terrorists have they actually caught from monitoring our calls. When you look in someone else's window you are called a creep, a peeping tom, a voyeur and lots of other nasty names and you can go to jail.
How come governments can do the same thing but worse by listening to our private phone calls? I call them creeps of the highest order.
So I have to restrict myself to landlines only. At least they have to put an actual order to monitor landlines but cell traffic is wide open to all of the hundreds of security agencies monitoring your life.
[ link to this | view in thread ]
interval (profile), 9 Aug 2010 @ 8:18am

Re: Re: Re: Said it before and I will say it again...
@Chronno: "I couldn't understand a word you said."

I'm with you. And again I say "Wtf??"
[ link to this | view in thread ]
interval (profile), 9 Aug 2010 @ 8:21am

Re:
That's what I'm talking about. Why the big fuss? Lots of 3rd party apps that one can install, and some come with a deniability portion as well (meaning its not obvious to a casual 2nd party that the app is installed or even active.)
[ link to this | view in thread ]
nasch (profile), 9 Aug 2010 @ 11:01am

Re: Re: Re: Re: Said it before and I will say it again...
Those kind of communication is match harder to intercept without being noticed.

I thought the problem was men in black helicopters coming to your house to beat the password out of you. That's not exactly hard to notice.
[ link to this | view in thread ]
nasch (profile), 9 Aug 2010 @ 11:02am

Re: Privacy
Citation needed.
[ link to this | view in thread ]
abc gum, 9 Aug 2010 @ 5:51pm

Re: Re: Re: Re: Said it before and I will say it again...
"No, you will say "here is encryption keys" and "I have used this-and-that encryption software"."

After waterboarding?

"When you meet people that _really_ want your email - your game is up, no matter whether it was real conspiracy or home porno."

... and then you are stoned to death - woohoo
[ link to this | view in thread ]