Saudi Says RIM Deal Reached; BlackBerry OK, If We Can Read the Messages
crimeandpunishment writes "There's a deal on the table to avert a ban on Blackberry's messenger service in Saudi Arabia. A Saudi regulatory official, speaking on the condition of anonymity, told the Associated Press the deal involves placing a server in Saudi Arabia ... and letting the government monitor users' messages, easing Saudi concerns over security and criminal usage. The deal could have wide-ranging implications, given how many other countries have expressed similar concerns, or in the case of the United Arab Emirates, have threatened to block Blackberry email and messaging services." Perhaps the governments of UAE and India would be satisfied, too, if only they had access to the messages transmitted.
...and RIM capitulates. (Score:5, Interesting)
Guess they don't have any backbone to just drop the country and let the end-users take action.
they are a business, why should they care? (Score:2)
Why should RIM care if they make sales? Businesses only worry about ethics when they might cause a reduction in profits. NGOs and individuals I expect to have ethics, but not corporations. Where does "backbone" come into running a business?
Canada and USA and a lot of other countries trade with Saudi Arabia, I haven't seen them declaring trade embargoes over Saudi Arabia's human rights issues either.
Personally I'd prefer it if companies (and countries) behaved ethically but from what I've read over the last cou
Re: (Score:3, Interesting)
Why should RIM care if they make sales?
Because it's the right thing to do.
Businesses only worry about ethics when they might cause a reduction in profits.
I have yet to hear a good argument that this should be the case.
Canada and USA and a lot of other countries trade with Saudi Arabia, I haven't seen them declaring trade embargoes over Saudi Arabia's human rights issues either.
None of which has anything to do with whether RIM is doing the right thing here.
I agree but it's unlikely to happen (Score:2)
I wholeheartedly agree with you that companies should behave ethically but it appears from experience that they rarely do this voluntarily.
Hence my noting that there is no governmental embargo in place over Saudi Arabia's privacy / tapping position or other human rights records. Governments could provide the lead, but the message they are sending out is "no problem, do as you will". RIM could argue that they are behaving within the law, and their government is not either providing direct advice, legal rest
Re: (Score:2)
I would argue it's worse than that - if the marketplace simply allows unethical behavior, and if there is a competitive advantage in being unethical, then natural selection will actually weed out all the ethical companies as inefficient. Thus your options are 1) play dirty or 2) don't play at all. (Same as how you can't get elected without making unrealistic campaign
Re: (Score:3, Insightful)
To the extent that I'm able, when it comes to unethical companies, I do my best not to play at all. I'm sure there are plenty of customers who don't mind what a company does as long as their products are shiny and the price is right. But once in a while, boycotts have a very positive effect.
Re: (Score:2)
RIM could argue that they are behaving within the law, and their government is not either providing direct advice, legal restrictions or leading by an example which suggests they should behave other than are doing.
When in Rome, do as Romans do - seems to me as valid today as it was 2000 years ago.
To exemplify: I don't like software patents, however I have no problems with the idea of USA keeping it for themselves (I do have some issues when they try to export it to other countries).
Re:I agree but it's unlikely to happen (Score:4, Informative)
Amazing, isn't it? You'd think that crime was completely out of control.
Even crime along the US/Mexican border has decreased for each of the last 5 years. From all the hollering in Arizona, you'd think that it was completely lawless, when in fact, crime rates are significantly down.
Re: (Score:2)
"From all the hollering in Arizona, you'd think that it was completely lawless, when in fact, crime rates are significantly down."
"down" /= "good", especially when it's in one's own neighborhood.
Re: (Score:2)
>>>NGOs and individuals I expect to have ethics, but not corporations.
Revoke corporate licenses.
Re: (Score:2, Insightful)
Because their sales depend on business people going to Saudi Arabia and using their products. How do you think their customers will react now that the Saudi government can eavesdrop on confidential business communications, trade secrets, corporate strategy, etc... ???
they have excellent reason to care (Score:2)
Government and big business sales of the RIM phones are largely driven by "secure", more modern phones with more features and better UIs are available at the same price or cheaper.
Having "just" Saudi Arabia able to read Blackberry messages is like being "just" a lit
Re: (Score:2)
Business should not only care about profits, which implies short-term policy. There should be some more general idea behind the business which will help it to avoid "local extrema".
Re: (Score:2)
Re:they are a business, why should they care? (Score:4, Insightful)
I have to agree with you here, even failed attacks cause mass hysteria. Just look at the security theater at airports in the US. (I can only speak for the country I live in.) With every failed attack, they tack on another ridiculous "security procedure" that does nothing but make us think that they're doing something useful. To make things worse, then the US requires airports abroad to have similar procedures and regulations to even be allowed within US airspace.
Though you didn't pose your question to me, I do not find that terrorism requires any competence. Terrorism is simply a desperate way to achieve a political goal. Because they do not have the resources that a government with a standing army has, they choose whatever method that they can get away with, and that's usually hijackings or suicide bombings. Even unsuccessful attacks cause enough of a panic within a general population to change government policy and disrupt everyday life.
Any idiot with homemade bombs can do this. 9/11, on the other hand, did require competence. The plot was hatched around 1996, though some of it was also luck because the FBI, CIA, and local law enforcement did not talk to each other. (I believe at least one of the would-be hijackers was pulled over before 9/11, for example.)
But would we feel any different about groups such as al-Qaeda if they were a real government and had a standing army, and sent battalions and regiments into battle ? Do we hate their tactics, or their goals?
Re: (Score:3, Interesting)
End-users won't fix the problem. RIM would simply lose money.
The Middle East not only doesn't play by our customs, those customs are utterly alien.
They want the technology, but they remain tribalist, Jihadist, Wahabist in the case of KSA, and none of this is changing for the better.
Re: (Score:2)
End-users won't fix the problem. RIM would simply lose money.
Vote with your money, if you feel so strongly for the people of UAE...
The Middle East not only doesn't play by our customs, those customs are utterly alien.
... and stop using their oil too.
Re: (Score:2)
Also true... and completely irrelevant to this discussion.
Re:...and RIM capitulates. (Score:4, Insightful)
Re: (Score:3, Funny)
No, no, no. Haven't you read the Slashdot summary?
Allowing Saudi Arabia to eavesdrop on everyone's communications has "eased their concern" about security issues.
Re: (Score:2)
The NSA would prefer that didn't happen.
Re: (Score:2)
Guess they don't have any backbone to just drop the country and let the end-users take action.
Just what action do you propose the users take - against the Islamic Saudi state and monarchy?
Re:...and RIM capitulates. (Score:4, Insightful)
Just a word of caution before everyone here denounces RIM: We all remember the news [slashdot.org] a few days ago that Google made an agreement with Verizon for preferential access to their network. Everyone here was raising hell about how Google threw their "open Internet" stance out the window for profit. And then, after a few hours, we got an update: No such deal!
So, people, wait a few hours and let's see what's the real deal between RIM and the Saudi government. If this is the real deal - then shame on them!
Re: (Score:2)
>And then, after a few hours, we got an update: No such deal!
How do you know that's what happened? In my opinion, it's more likely the NYTimes jumped on a rumor for ad impressions. They got their ads, attention, and Google had to drive its PR into overtime to fight the FUD. It's suicidal for Google to embrace the tiered non-neutral net. The deal never made any sense to begin with and surprise surprise it turned out to be false. Prove me wrong. Show me proof that this deal was even in the works.
RIM is just e
Re: (Score:2)
That was exactly my point, that there were rumors and everyone here was up in arms over them and later we heard that it was not true, that there was no such deal. I did not mean to imply that our rallying against supposed-deal made Google change its mind.
If you re-read my post, you will understand that what I am saying is that we need to wait a bit, and maybe we will find out that here we have the same thing - someone jumped on a rumor and actually RIM did not cave-in or that the agreement was somewhat diff
Re: (Score:2)
If you think this is a rumor then you're out of your mind. It's real, RIM is deploying a server in the UAE and handing over the encryption keys to their horrible theocratic government. Done and done. RIM's end-to-end encryption has been the thorn in the side of several of these terrible governments, and now they finally pulled the nuclear option. I'm completely justified in criticizing them, you can keep making apologies for these horrible regimes if you like, but you're far from convincing.
Re: (Score:2)
Did you even read what I wrote? I didn't say that what the article says they're doing is ok. I'm not justifying RIM. I'm just saying that prior experience taught us that sometimes the first headline is alarming and sensational and later, when more details are revealed, you see that things are not that bad.
Again, I agree that if RIM decided to throw their encryption out for those regimes it is very, very (very xn) bad. I'm just suggesting we exercise some caution with our responses until all the details come
Re: (Score:3, Insightful)
And all the moral relativists come out of the woodwork to suddenly embrace right and wrong.
Companies don't go to heaven. So companies get NO credit for doing what is right. They only get credit for doing what is necessary to survive.
Vote with your dollars...but people will still buy whatever product they like best.
Re: (Score:2)
All morality is relative. The moral thing to do would be for the USA to have embargoed Saudi Arabia a long time ago.
Re:...and RIM capitulates. (Score:4, Funny)
All morality is relative.
The moral thing to do...
Thanks for illustrating my first point.
Re: (Score:2)
Indeed. If it is the case that the Saudis will be reading all the blackberry messages made within their country, it will be interesting to see if President Obama continues to use his Blackberry, deciding it's easier to just never visit Saudi Arabia..
Re: (Score:3, Informative)
Guess they don't have any backbone to just drop the country and let the end-users take action.
It's interesting how we keep seeing a conflation of two different issues.
BES (enterprise) cannot be monitored. All traffic is encrypted - while it travels through RIM servers, it is encrypted with a key owned by the companies running BES. This includes email and - if I recall correctly -- BlackBerry messenger messages. This means that only devices that have the appropriate keys can decrypt the traffic. No matter what deals are reached, this can't be changed by RIM.
BIS (consumer) is routed through BB
Re: (Score:2)
What prevents BB from pushing an OS update that copies all messages sent through BES? They do control the hardware.
Re: (Score:3, Informative)
The problem with freedom is that it never seems to involve corporations or governments.
The solution to this particular problem is easy, simply let the users run their own encryption with their own software and own keys on their own hardware. I'm surprised such a thing doesn't exist now for the Blackberry. Oh wait, it does [pgp.com]. All RIM has to do is tell these dumb governments that "yep, you can read the stuff on our servers," while at the same time paying bloggers under the table to spread word on how to
Privacy (Score:2, Interesting)
I'm glad I have it.
(At least for now... my fellow US citizens seem to be completely blind to the forces at work to destroy our privacy.)
Re:Privacy (Score:4, Insightful)
You do realize that the US gov't knows it could not do the same thing without getting a big uproar, but they can just get all of RIM's traffic routed through Saudi Arabia, right... Who am I kidding, the US ALREADY can view everybody's BlackBerry messages.
Re:Privacy (Score:5, Insightful)
Who am I kidding, the US ALREADY can view everybody's BlackBerry messages.
Any evidence of that?
I recall my company's legal team doing a search for any instance where intercepted, decrypted messages from a Blackberry Enterprise Server were used in court. The lawyers weren't able to find any cases.
Now, that doesn't prove anything, but it's a good indicator.
Plus, you can use S/MIME and PGP with blackberry for additional encryption.
Re: (Score:2)
Well, you got that last bit right.
Do you think that when Tom Cruise cracked the Enigma code in WWI the result was a lawsuit against the Nazis?
Re: (Score:2)
If the US government had the ability to routinely intercept & decrypt AES-encrypted messages from a Blackberry Enterprise Server, I think some evidence would have appeared in court cases against high-value criminal targets.
If so they would either keep it sealed or, as in the case(s) where the FBI tapped into OnStar like systems in order to eavesdrop on passengers, they just didn't go into the full details of how it was accomplished. In the case of OnStar-like eavesdropping it only came to light when the companies started refusing to do it because it interfered with their business - so the DoJ took them to court to try and force it.
Re: (Score:3, Interesting)
The minute people seriously suspect that AES is breakable in large numbers, will be the minute China proposes their own IETF draft of an algorithm and the whole banking sector, and essentially the Internet will change algorithms overnight.
I have seen this discussion in every major security program, be it PGP back in the 90s, TrueCrypt, BitLocker, or any other program that is relied upon to provide security. This can be reduced to three states:
1: Governments do not have an easy backdoor. Result: This won
Re: (Score:3, Insightful)
Re: (Score:2)
Yeah, this idea that the government can actually break any encryption and is just hiding it from us is a myth. In fact, it's a myth that got refuted on Slashdot already [slashdot.org]
Re: (Score:2)
Maybe. Maybe not; it's really impossible to disprove. If they do, they have to be very careful about using it, lest it be discovered. It would only be worth risking at all for nuke-in-NY-harbor level stuff, and even then they'd have to be damn careful lest they fall for a fake plot [wikipedia.org] designed specifically to reveal their capabilities.
On the other hand, if they're sloppy, they could be detected by p
Re: (Score:2)
I'm not an American, but if the authorities wanted access to some blackberry messages, and could show probable cause, would they not just have to get a warrant? RIM, since they have significant assets in the US, would have to comply.
Re: (Score:2)
Re: (Score:2)
Unless you use encryption, don't be so sure you have privacy.
money talks, freedom walks (Score:4, Interesting)
really, that's all that needs to be said.
fwiw, I have lost all respect for RIM and will not buy their products for my own personal use. they were on the high moral ground for a while but now that they've caved in, they are no different than the other 'carriers'.
their security is now rendered 'untrustable'. what a shame.
another one bites the dust.
Re: (Score:3, Insightful)
Aren't you being a little over dramatic? Exactly how did you think the world worked? You really weren't naïve enough to think that they cared about anything besides profits for the shareholders did you?
Re:money talks, freedom walks (Score:4, Insightful)
what exactly is RIM selling? confidence and trust.
they just threw all that out the door.
yes, I think it's a HUGE deal. when their whole stock and trade is privacy and then they turn around and sign a 'smiling deal' with our arch enemies (...), yes, I consider that an about-face in the harshest of ways.
we all suspected the almighty looney was king, here; but I was hoping for a ray of sunlight. hoping; but apparently not getting.
no corporation, today, can continue the 'do no evil' for very long. how very sad for us all.
Re: (Score:2)
no corporation, today, can continue the 'do no evil'...
"hehehe. Oh wait you were serious, let me laugh even harder HAHAHAHAHA!" ~Bender
I was looking at RIMs product line and yeah I didn't see anything about Confidence and Trust probably because you can't patent them. I'm really shocked you've made it so far in life and hadn't learned this lesson yet.
Re: (Score:2)
You really ever believed that the US authorities never had access to blackberry data as and when they wanted it?
Why do you hold the US government to any higher degree of respect than that of the UAE? It's not like either of them believes that strongly in freedom, liberty or human rights.
Re: (Score:2)
Depends on how you mean (Score:3, Insightful)
I believe they can get a wiretap warrant and monitor what is going on with a given number. That is not surprising (or secret). However I don't believe they have any secret back door in to the handsets, or private BES units. They seem to use strong, FIPS validated, encryption which to the best of anyone's knowledge is not breakable. In fact the security of the handsets is one of the things the government loves to much about BB and why they are the biggest customer (the US government loves them some BlackBerr
Re: (Score:2)
The biggest problem you have with most other people's reactions to your post is that they value pragmatism above principles. They will reward your sacrifice and adherence to your own principles with mockery and incredulity about your alleged naivety about the world.
There is only one way we can reward RIM's behavior. We vote with our wallet and let them know they are losing $30-$60 dollars a month from their customer solely because they refused to stand up for privacy. The fact it is happening in Saudi Ar
Re: (Score:2)
I don't know you, but what I find absolutely crazy is how quickly people can set aside their principles when it is inconvenient to keep them. When that is true, was it ever really their principles to begin with? My opinion? That is a disgusting weakness in humanity.
Humans have weaknesses. But it's clear that any principles you will compromise are principles you never really had to begin with. You were just lying to yourself about having them.
Re: (Score:2)
Making sure women don't date? Where is this country where only gay men can date? :D
No, it is a country where a woman is expected to simply marry who her father says to marry, no dating necessary, and isn't considered part of their culture. Dating is an evil "western" concept. And being gay gets you the death penalty, every time. Keep in mind that it is illegal for a woman to DRIVE in Saudi Arabia, or be out in public without a male member of the family present. I wish I was making this up, but I'm not.
Re: (Score:2)
Re: (Score:2)
"their security is now rendered 'untrustable'. what a shame."
Unless you encrypt your own traffic, why would you trust any carrier?
Re: (Score:2)
Re: (Score:2)
fwiw, I have lost all respect for RIM
You had respect for them in the first place?
Travellers? (Score:5, Interesting)
I see how this solution would work for customers of Saudi mobile operators, whose phones would be pre-configured to use the 'local' BB server. What about travellers from other countries - would they have to go into their phone and manually re-configure it to contact the Saudi BB Server? Would that basically be the same steps as if you were setting up to use a corporate-owned BB Server? What if you already use a corporate BB Server? Will your messages be blocked? If the email account you are trying to check is your company email account, and the only way to access it is through the company-owned Enterprise BB Server, are you S.O.L.?
travel is optional (Score:5, Insightful)
You give up certain rights when you travel to a foreign country.
but is corporate willing to give them up? (Score:3, Insightful)
but is corporate willing to give them up? maybe not and they will need to find a way around it or say no e-mail for workers that are in that country.
Re:but is corporate willing to give them up? (Score:5, Interesting)
Re: (Score:2)
Don't you really mean "after the terrorist attacks that happened over a decade ago, which the authorities keep reminding us of to keep us in fear? What color is the threat level today?"
Re: (Score:2)
Err, no on that first part. I counted on my fingers to be sure, but a decade after September 11, 2001 appears to be September 11, 2011, which we have not reached yet.
As for the reminder... yeah, maybe that's the reason they haven't gotten around to filling in the great mucking hole in the ground. It took only seven years to
not really (Score:2)
There are some universal rights. Among them should be that no government should have the right to go on fishing expeditions through private communications. That isn't universally recognized, but hopefully we can get there.
Of course, the nations of the Middle East (Saudi Arabia, Egypt, Israel, Jordan, etc.) all commit far more serious human rights violations than merely digging through people's Blackberry messages, but still...
Re: (Score:2)
I'm curious, which ones are those? Off the top of my head, I can't think of any universally recognized rights. Some governments recognize some, others don't. Just depends on the country and the "right"...
Re: (Score:2)
"You give up certain rights when you travel to a foreign country."
And you give them ALL up (well, unless you are military) when you travel in the Middle East. That isn't a troll or a joke.
Don't like how they roll? Do not go there, you don't need to be there, end of story.
Re:travel is optional (Score:4, Insightful)
You give up certain rights when you travel to a foreign country
Rights are inherent and not given or allowed by any government. Nor are laws enumerations on these rights.
I thought that was the whole point of the Magna Carta and the American Revolution.
But if you want to be pragmatic about it, it is in the moral and political best interest of any nation who does respect those rights to put pressure on countries that do not.
Or is it ok to be nice with people who allow repression and torture in their countries?
It doesn't matter if it is their law in that country or not, if you are an individual or a corporation that plays nice with those rules, it means you support those policies. There are no ifs, ands, or buts about that.
Re: (Score:2)
Re: (Score:2)
I thought that was the whole point of the Magna Carta and the American Revolution.
The American Revolution was about rich land owners wanting to skip out on paying taxes.
Re: (Score:2)
I thought it was about rich land speculators wanting to steal (or cheat) land from its rightful owners and sell it at a massive profit.
What with the evil powerless King wanting to protect all his subjects, not just the white protestant ones.
Re:travel is optional (Score:4, Insightful)
Haven't travelled much, hey? Rights are a uniquely human invention, and they are given by whoever is in charge and can be taken away by the same entity. In a democracy citizens nominally decide what rights they want to grant themselves and what rights to grant non-citizens (usually not exactly the same list). Sometimes they decide some rights are important enough to try and get other people to agree to as well.
Note that the Magna Carta was basically an agreement giving the English aristocracy some ability (rights, if you like) to limit the king's power. The commoners didn't really get any rights. Ditto with the US bill of rights - it gave citizens certain rights, but did squat for non-citizens (such as slaves). And neither of those apply to any society (such as Saudi Arabia) that isn't descended from the UK.
The idea of "inalienable" rights is ridiculous. No society has ever granted the same rights to all people, and certainly not at all times. The US itself only grants many rights to citizens or legal residents, and sometimes doesn't even respect the ones the UN says are basic human rights.
the only way to reply to your idealism (Score:2)
is with winston churchill:
"No folly is more costly than the folly of intolerant idealism"
you have absolute truth apparently on your side, be damned everything else
what are you, some sort humanist taliban?
dude: you are as bad, if not worse, than whatever you hate in this world, because you think exactly the same way they do
you hate repression and torture? well, the guys doing the repression and torture are empowered with the same haughty arrogance about their beliefs as you have
get over your fucking self
Re: (Score:2)
So you'd see no difference in service (except maybe latency).
Re: (Score:2)
Stuff sent through the blackberry network is encrypted on the device, sent to Canada and then either decrypted and forwarded to the open internet, sent on to a BES at some other company, or forwarded to another blackberry.
Re: (Score:2)
It might actually be Blackberry Messenger that they're up in arms about more than e-mail, with its more real-time nature being perceived as an imminent threat in a terrorism situation.
Re: (Score:2)
So SSH to a secure server outside Saudi Arabia and send/receive email through a CLI mail program. Yeah, it's more of a PITA, but it allows you to still have unreadable communication. Unless they block all SSH traffic...
Re: (Score:2)
Why a CLI mail program? Just set up the SSH tunnel and use whatever program you want.
Re: (Score:2)
The SSH client on a Blackberry doesn't lend itself well to that application, at least not as far as I'm aware. Would be interested in hearing about if someone has set something like that up.
In other news, talks with OpenSSH (Score:5, Insightful)
But of course (Score:2, Informative)
Perhaps the governments of UAE and India would be satisfied, too, if only they had access to the messages transmitted.
But of course. Like this guy has mentioned here [slashdot.org]. It's all about getting a server established in India.
Re: (Score:2)
Clever, if evil. (Score:5, Insightful)
Thus, the customers most likely to complain, and make their complaints felt in the pocketbook, are unaffected, while the little people are ever more transparent.
What does this say about secrets? (Score:2)
All of this hubbub comes around the time of the big Wikileaks document release.
What does it say about us that not only do our governments want to keep secrets "safe" from us, but that for us to be able to keep secrets is dangerous.
The only difference is that they presume themselves innocent, and presume us guilty.
Re: (Score:2, Insightful)
Re: (Score:2)
"Wake up!" sings Danny Elfman, in my sig. That was 27 years ago, and it has gotten much worse since.
People deserve the freedom they get (Score:5, Interesting)
People deserve the freedom they get. Have you read the comments on BBC's article.
http://www.bbc.co.uk/news/technology-10899338 [bbc.co.uk]
Let me quote a few:
Abu Mohd, Riyadh, Saudi Arabia
I am an expat living in Saudi Arabia. For me the Blackberry is key to staying in contact with my family and friends in a way that I cannot do with other messaging services. I hope Saudi Arabia and RIM solve this situation. There are many people that work here who are away from their families that use this service. This ban would be one more reason to not come here, it does not help to the development of this country.
Suresh Haridas, Al khobar, Saudi Arabia
BlackBerry made our life much easier, whether we are using e-mail, internet, or BBM. A lot of people/students such as myself who live thousands of miles away from their family and friends really depend on BBM as a convenient medium to communicate. There is nothing compared to BBM in terms of quickness, convenience, and cost. On the other hand, I understand why governments such as Saudi Arabia, UAE, and others feel threatened. However, I am wondering why BlackBerry does not help these countries in terms of monitoring data and using their own servers to get to encrypted information.
Rakan H, Riyadh, Saudi Arabia
I am one of the youths who owns a BlackBerry and I completely agree that it is a major step in my country to protect it against any terrorist or anything that might affect our security. Also I believe all countries like the US should consider the same thing, because it is a tool that can be used among those people who can get access to national security and cause terror to communities. It is a perfect tool for them, cutting it off worldwide will definitely reduce the amount of global issues occurring. If it is necessary to protect the country then why not!
Jim, Singapore
I am a Canadian, living in Dubai and dreading losing my Blackberry. Most people I know are aware of the high level of security in the UAE and appreciate the benefits it provides. I would much rather lose some personal freedoms than take a chance with security. RIM has to understand that Dubai is a transit point for trade and potentially terrorism. Its population is continuously changing as over 80% of its residents are foreigners. UAE's high level of security is in the interests of the West. I am hopeful for a positive resolution but am not brave enough to buy up all the handsets that are selling cheap.
Ara, Dubai, UAE
Whilst it's perfectly true that any invasion of personal privacy in the name of national security is usually resented, I don't really understand the sense of outrage on this one. After all, don't the western intelligence agencies have extensive gathering facilities for the same sort of thing? I don't see the Gulf states doing anything more than our own governments, like it or not.
https? (Score:2)
One would assume that this is all pointless, since anybody could just use a web service via https.
However one would also assume that these governments control at least one trusted signing authority, so they can freely intercept any https.
Re: (Score:2, Informative)
httpS is also not trustable. MITM attacks are not hard (buy the right piece of 'security appliance' and it will fool both ends of the SSL attack). I interviewed at various bay area companies (networking field) and they ALL are trying/doing this, now. very sad and very eye-opening.
I will never trust the 's' in https again now that I've seen how bad the end-to-end 'authentication' is.
Re: (Score:3, Informative)
I am pretty sure no security appliance can fool anything unless it can present a security certificate that my browser trusts. That can work in a corporate environment, a school, etc, but definitely not in general.
In any case, you can trust https only to the extent you can trust the CAs. If there are any CAs in China, UAE, etc, then you can be sure the respective governments can issue a certificate for *.com :-)
Saudi monitoring (Score:2)
Will the Committee for the Promotion of Virtue and the Prevention of Vice [wikipedia.org] have access?
This makes a Blackberry useless for business purposes. In most of the countries involved, the Government itself owns major businesses. Nobody in the oil business would want to discuss anything related to a Government deal (which is most of them) over a Blackberry now.
Halliburton? (Score:2)
BES service more secure than direct SSL? (Score:2)
Assuming you have a BES server in your organization...
Blackberries, AFAIK, send their data encrypted via the cell provider (RIM has servers on site?), then to RIM's central hub, and then to your BES server at your office, with high-grade end-to-end encryption.
"We're more secure" I think is their selling point.
How is that more secure, than say, an iPhone/Android communicating to an Exchange server directly over the internet but using quality SSL (ie, 2048 bit key, 128 bit AES, etc)?
Is direct, over the Intern
Re: (Score:2)
If the SSL keys came from a certificate store which has made a silent agreement with a state, that state can decrypt any of your communications that pass through that state's infrastructure (or are otherwise obtainable).
Furthermore, if I've been following things correctly, RIM's "selling point" is that (a) your corporate keys aren't known even by RIM, and consumer keys are known only by RIM and not anyone else, and (b) the Blackberry hardware is designed/certified to resist tampering to a degree that your t
Re: (Score:2)
Re: (Score:2)
Cert vendors can play games, but don't they just sign public keys? AFAIK, SSL certificate request doesn't include the private key, so a CA doesn't have it. Don't they just sign it for validity and provide some authentication that the cert buyer is who they claim to be?
Even if SSL cert vendors *did* get private keys, there's nothing stopping the paranoid from using self-signed certs which with the right encryption would be highly resistant to tampering or interception.
I can see where hardening the device
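The point raised in the comment above, that a certificate request carries the public key and not the private one, can be checked locally. This is an added example, not part of any poster's comment; the hostname `mail.example.test`, the file names and the function names are constructed, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: what a certificate signing request (CSR) contains.
# Hostname and file names are constructed for the demo; requires the openssl CLI.

# Generate a private key and a CSR inside directory $1.
make_key_and_csr() {
    dir=$1
    # Minimal request config, so the demo does not depend on a system openssl.cnf.
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = mail.example.test
EOF
    # The private key is created locally; only server.csr would be sent to a CA.
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/server.key" 2>/dev/null &&
    openssl req -new -key "$dir/server.key" -config "$dir/req.cnf" \
        -out "$dir/server.csr" 2>/dev/null
}

# True if the public key inside the CSR is the one derived from the private key.
csr_pubkey_matches_key() {
    dir=$1
    from_csr=$(openssl req -in "$dir/server.csr" -config "$dir/req.cnf" -noout -pubkey 2>/dev/null)
    from_key=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null)
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# True if the CSR's self-signature verifies: the requester proves possession
# of the private key by signing the request, without disclosing the key.
csr_signature_valid() {
    openssl req -in "$1/server.csr" -config "$1/req.cnf" -noout -verify >/dev/null 2>&1
}

# True (exit 0) if the private scalar's bytes occur anywhere in the DER-encoded CSR.
# Fails closed: if the scalar cannot be extracted, report "contains".
csr_contains_private_scalar() {
    dir=$1
    # The first OCTET STRING of an "EC PRIVATE KEY" structure is the private scalar.
    priv=$(openssl asn1parse -in "$dir/server.key" 2>/dev/null |
           sed -n 's/.*OCTET STRING *\[HEX DUMP\]://p' | head -n 1 | tr 'A-F' 'a-f')
    [ -n "$priv" ] || return 0
    csr_hex=$(openssl req -in "$dir/server.csr" -config "$dir/req.cnf" -outform DER 2>/dev/null |
              od -An -tx1 | tr -d ' \n')
    case "$csr_hex" in
        *"$priv"*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Run all checks in a throwaway directory and print the outcome of each.
run_demo() {
    tmp=$(mktemp -d) || return 1
    make_key_and_csr "$tmp" || { rm -rf "$tmp"; return 1; }
    csr_pubkey_matches_key "$tmp" && echo "CSR public key matches the local key"
    csr_signature_valid "$tmp" && echo "CSR self-signature verifies"
    csr_contains_private_scalar "$tmp" || echo "private scalar is absent from the CSR"
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then run_demo; fi
```

A CA that signs this request learns the name and the public key only; what a misbehaving CA can still do is sign a different key for the same name, which is the risk discussed in the https sub-thread.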
Obama's Blackberry (Score:2)
Re: (Score:3, Insightful)
From what I have read in various sources, most of the terrorists' communication is in code. That is, plain language words and phrases have a specific meaning. They don't use encryption since the very act of encrypting their communication draws attention to it. Something like, "My cousin's wedding is Wednesday," could mean that their planned attack will happen on Wednesday... or this guy's cousin really is getting married on Wednesday. Encrypting such a message just draws attention to it.
Getting access t