Forgot your password?
typodupeerror
Censorship Cellphones Communications Encryption Government Handhelds Security Your Rights Online

Saudi Says RIM Deal Reached; BlackBerry OK, If We Can Read the Messages 185

Posted by timothy
from the envelopes-ok-but-must-be-clear dept.
crimeandpunishment writes "There's a deal on the table to avert a ban on Blackberry's messenger service in Saudi Arabia. A Saudi regulatory official, speaking on the condition of anonymity, told the Associated Press the deal involves placing a server in Saudi Arabia ... and letting the government monitor users' messages, easing Saudi concerns over security and criminal usage. The deal could have wide-ranging implications, given how many other countries have expressed similar concerns, or in the case of the United Arab Emirates, have threatened to block Blackberry email and messaging services." Perhaps the governments of UAE and India would be satisfied, too, if only they had access to the messages transmitted.
This discussion has been archived. No new comments can be posted.

Saudi Says RIM Deal Reached; BlackBerry OK, If We Can Read the Messages

Comments Filter:
  • by sethstorm (512897) * on Saturday August 07, 2010 @01:14PM (#33174438) Homepage

    Guess they don't have any backbone to just drop the country and let the end-users take action.

    • Why should RIM care if they make sales? Businesses only worry about ethics when they might cause a reduction in profits. NGOs and individuals I expect to have ethics, but not corporations. Where does "backbone" come into running a business?

      Canada and USA and a lot of other countries trade with Saudia Arabia, I haven't seen them declaring trade embargoes over Saudia Arabia's human rights issues either.

      Personally I'd prefer it if companies (and countries) behaved ethically but from I've read over the last cou

      • Re: (Score:3, Interesting)

        Why should RIM care if they make sales?

        Because it's the right thing to do.

        Businesses only worry about ethics when they might cause a reduction in profits.

        I have yet to hear a good argument that this should be the case.

        Canada and USA and a lot of other countries trade with Saudia Arabia, I haven't seen them declaring trade embargoes over Saudia Arabia's human rights issues either.

        None of which has anything to do with whether RIM is doing the right thing here.

        • I wholeheartedly agree with you that companies should behave ethically but it appears from experience that they rarely do this voluntarily.

          Hence my noting that there is no governmental embargo in place over Saudia Arabia's privacy / tapping position or other human rights records. Governments could provide the lead, but the message they are sending out is "no problem, do as you will". RIM could argue that they are behaving within the law, and their government is not either providing direct advice, legal rest

          • by timeOday (582209)

            wholeheartedly agree with you that companies should behave ethically but it appears from experience that they rarely do this voluntarily.

            I would argue it's worse than that - if the marketplace simply allows unethical behavior, and if there is a competitive advantage in being unethical, then natural selection will actually weed out all the ethical companies as inefficient. Thus your options are 1) play dirty or 2) don't play at all. (Same as how you can't get elected without making unrealistic campaign

            • Re: (Score:3, Insightful)

              by PopeRatzo (965947) *

              Thus your options are 1) play dirty or 2) don't play at all.

              To the extent that I'm able, when it comes to unethical companies, I do my best not to play at all. I'm sure there are plenty of customers who don't mind what a company does as long as their products are shiny and the price is right. But once in a while, boycotts have a very positive effect.

              if the marketplace simply allows unethical behavior, and if there is a competitive advantage in being unethical, then natural selection will actually weed out

          • by c0lo (1497653)

            RIM could argue that they are behaving within the law, and their government is not either providing direct advice, legal restrictions or leading by an example which suggests they should behave other than are doing.

            When in Rome, do as Romans do - seems to me as valid today as it was 2000 years ago.
            To exemplify: I don't like software patents, however I have no problems with the idea of USA keeping it for themselves (I do have some issues when they try to export it to other countries).

      • >>>NGOs and individuals I expect to have ethics, but not corporations.

        Revoke corporate licenses.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Because their sales depend on business people going to Saudi Arabia and using their products. How do you think their customers will react now that the Saudi government can eavesdrop on confidential business communications, trade secrets, corporate strategy, etc... ???

      • A very large part of the sales appeal of a phone with an aging UI and an "uncool" form factor and a proprietary OS and limited app capability (why yes, I do have one) is precisely because it's "secure". That's why President Obama carries one.

        Government and big business sales of the RIM phones are largely driven by "secure", more modern phones with more features and better UIs are available at the same price or cheaper.

        Having "just" Saudi Arabia able to read Blackberry messages is like being "just" a lit
      • by RCL (891376)
        Lenin said: they will sell us the rope with which we will hang them.

        Business should not only care about profits, which implies short-term policy. There should be some more general idea behind the business which will help it to avoid "local extrema".
    • Re: (Score:3, Interesting)

      by couchslug (175151)

      End-users won't fix the problem. RIM would simply lose money.

      The Middle East not only doesn't play by our customs, those customs are utterly alien.

      They want the technology, but they remain tribalist, Jihadist, Wahabist in the case of KSA, and none of this is changing for the better.

      • by c0lo (1497653)

        End-users won't fix the problem. RIM would simply lose money.

        Vote with your money, if you fill so strong for the people of UEA...

        The Middle East not only doesn't play by our customs, those customs are utterly alien.

        ... and stop using their oil too.

    • by CdBee (742846) on Saturday August 07, 2010 @01:44PM (#33174618)
      I posted on here in another thread a few days back that RIMs refusal to back down in the UAE stood them in very good stead as a company as their users would respect that. Its amazing how quickly one can lose confidence again....
      • Re: (Score:3, Funny)

        by ShakaUVM (157947)

        No, no, no. Haven't you read the Slashdot summary?

        Allowing Saudi Arabia to eavesdrop on everyone's communications has "eased their concern" about security issues.

    • The NSA would prefer that didn't happen.

    • by westlake (615356)

      Guess they don't have any backbone to just drop the country and let the end-users take action.

      Just what action do you propose the users take - against the Islamic Saudi state and monarchy?

    • by Kilrah_il (1692978) on Saturday August 07, 2010 @02:30PM (#33174844)

      Just a word of caution before everyone here denounces RIM: We all remember the news [slashdot.org] a few days ago that Google made an agreement with Verizon for preferential access to their network. Everyone here was raising hell about how Google threw their "open Internet" stance out the window for profit. And then, after a few hours, we got an update: No such deal!
      So, people, wait a few hours and let's see what's the real deal between RIM and the Saudi government. If this is the real deal - then shame on them!

      • by gad_zuki! (70830)

        >And then, after a few hours, we got an update: No such deal!

        How do you know that's what happened? In my opinion, its more likely the NYTimes jumped on a rumor for ad impressions. They got their ads, attention, and Google had to drive its PR into overtime to fight the FUD. Its suicidal for google to embrace the tiered non-neutral net. The deal never made any sense to begin with and surprise surprise it turned out to be false. Prove me wrong. Show me proof that this deal was even in the orks.

        RIM is just e

        • That was exactly my point, that there were rumors and everyone here was up in arms over them and later we heard that it was not true, that there was no such deal. I did not mean to imply that our rallying against supposed-deal made Google change its mind.
          If you re-read my post, you will understand that what I am saying is that we need to wait a bit, and maybe we will find out that here we have the same thing - someone jumped on a rumor and actually RIM did not cave-in or that the agreement was somewhat diff

          • by gad_zuki! (70830)

            If you think this is a rumor then youre out of your mind. Its real, RIM is deploying a server in the UAE and handing over the encryption keys to their horrible theocratic government. Done and done. RIM's end-to-end encryption has been in the thorn in the side of several of these terrible governments, and now they finally pulled the nuclear option. I'm completely justified in criticizing them, you can keep making apologies for these horrible regimes if you like, but youre far from convincing.

            • Did you even read what I wrote? I didn't say that what the article says they're doing is ok. I'm not justifing RIM. I'm just saying that prior experience thought us that sometimes the first headline is alarming and sensational and later, when more details are revealed, you see that things are not that bad.
              Again, I agree that if RIM decided to throw their encryption out for those regimes it is very, very (very xn) bad. I'm just suggesting we exercise some caution with our responses until all the details come

    • Re: (Score:3, Insightful)

      by gandhi_2 (1108023)

      And all the moral relativists come out of the woodwork to suddenly embrace right and wrong.

      Companies don't go to heaven. So companies get NO credit for doing what is right. They only get credit for doing what is necessary to survive.

      Vote with your dollars...but people will still buy whatever product they like best.

    • Re: (Score:3, Informative)

      Guess they don't have any backbone to just drop the country and let the end-users take action.

      It's interesting how we keep seeing a conflation of two different issues.

      BES (enterprise) cannot be monitored. All traffic is encrypted - while it travels through RIM servers, it is encrypted with a key owned by the companies running BES. This includes email and - if I recall correctly -- BlackBerry messenger messages. This means that only devices that have the appropriate keys can decrypt the traffic. No matter what deals are reached, this can't be changed by RIM.

      BIS (consumer) is routed through BB

      • by Zerth (26112)

        What prevents BB from pushing an OS update that copies all messages sent through BES? They do control the hardware.

    • Re: (Score:3, Informative)

      by Alcoholist (160427)

      The problem with freedom is that it never seems to involve corporations or governments.

      The the solution to this particular problem is easy, simply let the users run their own encryption with their own software and own keys on their own hardware. I'm surprised such a thing doesn't exist now for the Blackberry. Oh wait, it does [pgp.com]. All RIM has to do is tell these dumb governments that "yep, you can read the stuff on our servers," while at the same time paying bloggers under the table to spread word on how to

  • Privacy (Score:2, Interesting)

    I'm glad I have it.

    (At least for now... my fellow US citizens seem to be completely blind to the forces at work to destroy our privacy.)

    • Re:Privacy (Score:4, Insightful)

      by davester666 (731373) on Saturday August 07, 2010 @01:33PM (#33174524) Journal

      You do realize that the US gov't knows it could not do the same thing without getting a big uproar, but they can just get all of RIM's traffic routed through Saudi Arabia, right... Who am I kidding, the US ALREADY can view everybody's BlackBerry messages.

      • Re:Privacy (Score:5, Insightful)

        by Anonymous Coward on Saturday August 07, 2010 @01:48PM (#33174644)

        Who am I kidding, the US ALREADY can view everybody's BlackBerry messages.

        Any evidence of that?

        I recall my company's legal team doing a search for any instance where intercepted, decrypted messages from a Blackberry Enterprise Server were used in court. The lawyers weren't able to find any cases.

        Now, that doesn't prove anything, but it's a good indicator.

        Plus, you can use S/MIME and PGP with blackberry for additional encryption.

        • I recall my company's legal team doing a search for any instance where intercepted, decrypted messages from a Blackberry Enterprise Server were used in court. The lawyers weren't able to find any cases.

          Now, that doesn't prove anything

          Well, you got that last bit right.

          Do you think that when Tom Cruise cracked the Enigma code in WWI the result was a lawsuit against the Nazis?

        • Re: (Score:3, Insightful)

          You're right - BES can't be intercepted/decrypted. BIS/consumer-grade is a completely different matter. (Unless, as you say, S/MIME is used....)
        • by selven (1556643)

          Yeah, this idea that the government can actually break any encryption and is just hiding it from us is a myth. In fact, it's a myth that got refuted on Slashdot already [slashdot.org]

          • by russotto (537200)

            Yeah, this idea that the government can actually break any encryption and is just hiding it from us is a myth.

            Maybe. Maybe not; it's really impossible to disprove. If they do, they have to be very careful about using it, lest it be discovered. It would only be worth risking at all for nuke-in-NY-harbor level stuff, and even then they'd have to be damn careful lest they fall for a fake plot [wikipedia.org] designed specifically to reveal their capabilities.

            On the other hand, if they're sloppy, they could be detected by p

        • by ceoyoyo (59147)

          I'm not an American, but if the authorities wanted access to some blackberry messages, and could show probable cause, would they not just have to get a warrant? RIM, since they have significant assets in the US, would have to comply.

    • by bcmm (768152)
      Uh... Where do you think the existing servers are?
    • by couchslug (175151)

      Unless you use encryption, don't be so sure you have privacy.

  • by TheGratefulNet (143330) on Saturday August 07, 2010 @01:22PM (#33174476)

    really, that's all that needs to be said.

    fwiw, I have lost all respect for RIM and will not buy their products for my own personal use. they were on the high moral ground for a while but now that they've caved in, they are no different than the other 'carriers'.

    their security is now rendered 'untrustable'. what a shame.

    another one bites the dust.

    • Re: (Score:3, Insightful)

      by shawn(at)fsu (447153)

      Aren't you being a little over dramatic? Exactly how did you think the world worked? You really weren't naïve enough tho think that they cared about anything besides profits for the shareholders did you?

      • by TheGratefulNet (143330) on Saturday August 07, 2010 @01:38PM (#33174576)

        what exactly is RIM selling? confidence and trust.

        they just threw all that out the door.

        yes, I think its a HUGE deal. when their whole stock and trade is privacy and then they turn around and sign a 'smiling deal' with our arch enemies (...), yes, I consider that an about-face in the harshest of ways.

        we all suspected the almighty looney was king, here; but I was hoping for a ray of sunlight. hoping; but apparently not getting.

        no corporation, today, can continue the 'do no evil' for very long. how very sad for us all.

        • no corporation, today, can continue the 'do no evil'...
          "hehehe. Oh wait you were serious, let me laugh even harder HAHAHAHAHA!" ~Bender

          I was looking at RIMs product line and yeah I didn't see anything about Confidence and Trust probably because you can't patent them. I'm really shocked you've made it so far in life and hadn't learned this lesson yet.

        • You really ever believed that the US authorities never had access to blackberry data as and when they wanted it?

          Why do you hold the US government to any higher degree of respect than that of the UAE? It's not like either of them believes that strongly in freedom, liberty or human rights.

          • Canadian* not that he mentioned either country besides the looney reference.
          • I believe they can get a wiretap warrant and monitor what is going on with a given number. That is not surprising (or secret). However I don't believe they have any secret back door in to the handsets, or private BES units. They seem to use strong, FIPS validated, encryption which to the best of anyone's knowledge is not breakable. In fact the security of the handsets is one of the things the government loves to much about BB and why they are the biggest customer (the US government loves them some BlackBerr

        • by EdIII (1114411)

          The biggest problem you have with most other people's reactions to your post is that they value pragmatism above principles. They will reward your sacrifice and adherence to your own principles with mockery and incredulity about your alleged naivety about the world.

          There is only one way we can reward RIM's behavior. We vote with our wallet and let them know they are losing $30-$60 dollars a month from their customer solely because they refused to stand up for privacy. The fact it is happening in Saudi Ar

          • by drinkypoo (153816)

            I don't know you, but what I find absolutely crazy is how quickly people can set aside their principles when it is inconvenient to keep them. When that is true, was it ever really their principles to begin with? My opinion? That is a disgusting weakness in humanity.

            Humans have weaknesses. But it's clear that any principles you will compromise are principles you never really had to begin with. You were just lying to yourself about having them.

      • by CdBee (742846)
        I would have thought their profits were critically dependent on trust
    • by couchslug (175151)

      "their security is now rendered 'untrustable'. what a shame."

      Unless you encrypt your own traffic, why would you trust any carrier?

    • by JohnWiney (656829)
      The reason various governments complained is that RIM is/was more secure than any other company. Now they are no worse than anyone else, better in some situations. The only way to guarantee security is to provide your own encryption (using standard methods, of course). And since we are now being shepherded into closed platforms (thanks, Steve Jobs), that is virtually impossible.
    • by Macrat (638047)

      fwiw, I have lost all respect for RIM

      You had respect for them in the first place?

  • Travellers? (Score:5, Interesting)

    by JSBiff (87824) on Saturday August 07, 2010 @01:28PM (#33174492) Journal

    I see how this solution would work for customers of Saudi mobile operators, whose phones would be pre-configured to use the 'local' BB server. What about travellers from other countries - would they have to go into their phone and manually re-configure it to contact the Saudi BB Server? Would that basically be the same steps as if you were setting up to use a corporate-owned BB Server? What if you already use a corporate BB Server? Will your messages be blocked? If the email account you are trying to check is your company email account, and the only way to access it is through the company-owned Enterprise BB Server, are you S.O.L.?

    • travel is optional (Score:5, Insightful)

      by OrangeTide (124937) on Saturday August 07, 2010 @01:32PM (#33174514) Homepage Journal

      You give up certain rights when you travel to a foreign country.

      • but is corporate willing to give them up? maybe not and they will need to find away around it or say no e-mail for workers that are in that country.

        • by CdBee (742846) on Saturday August 07, 2010 @01:47PM (#33174640)
          This question has occurred before regarding the USA - some companies banned employees from taking email devices and laptops into the USA, to prevent border searches accessing confidential data, in the light of the new US security arrangements after the terrorist attacks of the last decade
          • by Thing 1 (178996)

            [...] after the terrorist attacks of the last decade [...]

            Don't you really mean "after the terrorist attacks that happened over a decade ago, which the authorities keep reminding us of to keep us in fear? What color is the threat level today?"

            • by russotto (537200)

              Don't you really mean "after the terrorist attacks that happened over a decade ago, which the authorities keep reminding us of to keep us in fear? What color is the threat level today?"

              Err, no on that first part. I counted on my fingers to be sure, but a decade after September 11, 2001 appears to be September 11, 2011, which we have not reached yet.

              As for the reminder... yeah, maybe that's the reason they haven't gotten around to filling in the great mucking hole in the ground. It took only seven years to

      • There are some universal rights. Among them should be that no government should have the right to go on fishing expeditions through private communications. That isn't universally recognized, but hopefully we can get there.

        Of course, the nations of the Middle East (Saudi Arabia, Egypt, Israel, Jordan, etc.) all commit far more serious human rights violations than merely digging through people's Blackberry messages, but still...

        • There are some universal rights.

          I'm curious, which ones are those? Off the top of my head, I can't think of any universally recognized rights. Some governments recognize some, others don't. Just depends on the country and the "right"...

      • by couchslug (175151)

        "You give up certain rights when you travel to a foreign country."

        And you give them ALL up (well, unless you are military) when you travel in the Middle East. That isn't a troll or a joke.

        Don't like how they roll? Do not go there, you don't need to be there, end of story.

      • by vertinox (846076) on Saturday August 07, 2010 @03:56PM (#33175328)

        You give up certain rights when you travel to a foreign country

        Rights are inherent and not given or allowed by any government. Nor are laws enumerations on these rights.

        I thought that was the whole point of the Magna Carta and the American Revolution.

        But if you want to be pragmatic about it, it is in the moral and political best interest of any nation who does respect those rights to put pressure on countries that do not.

        Or is it ok to be nice with people who allow repression and torture in their countries?

        It doesn't matter if it is their law in that country or not, if you are an individual or a corporation that plays nice with those rules, it means you support those policies. There are no ifs, ands, or buts about that.

        • I agree that allowing repression and torture violate what amount to basic human rights. But how are we supposed to stop the USA from doing it?
        • by Macrat (638047)

          I thought that was the whole point of the Magna Carta and the American Revolution.

          The American Revolution was about rich land owners wanting to skip out on paying taxes.

          • by dryeo (100693)

            I thought it was about rich land speculators wanting to steal (or cheat) land from its rightful owners and sell it at a massive profit.
            What with the evil powerless King wanting to protect all his subjects, not just the white protestant ones.

        • by ceoyoyo (59147) on Saturday August 07, 2010 @10:53PM (#33177678)

          Rights are inherent and not given or allowed by any government. Nor are laws enumerations on these rights.

          I thought that was the whole point of the Magna Carta and the American Revolution.

          Haven't travelled much, hey? Rights are a uniquely human invention, and they are given by whoever is in charge and can be taken away by the same entity. In a democracy citizens nominally decide what rights they want to grant themselves and what rights to grant non-citizens (usually not exactly the same list). Sometimes they decide some rights are important enough to try and get other people to agree to as well.

          Note that the Magna Carta was basically an agreement giving the English aristocracy some ability (rights, if you like) to limit the king's power. The commoners didn't really get any rights. Ditto with the US bill of rights - it gave citizens certain rights, but did squat for non-citizens (such as slaves). And neither of those apply to any society (such as Saudi Arabia) that isn't descended from the UK.

          The idea of "inalienable" rights is ridiculous. No society has ever granted the same rights to all people, and certainly not at all times. The US itself only grants many rights to citizens or legal residents, and sometimes doesn't even respect the ones the UN says are basic human rights.

        • is with winston churchill:

          "No folly is more costly than the folly of intolerant idealism"

          you have absolute truth apparently on your side, be damned everything else

          what are you, some sort humanist taliban?

          dude: you are as bad, if not worse, than whatever you hate in this world, because you think exactly the same way they do

          you hate repression and torture? well, the guys doing the repression and torture are empowered with the same haughty arrogance about their beliefs as you have

          get over your fucking self

    • by SheeEttin (899897)
      I'm not familiar with BlackBerries (or really most cell phones; I don't have one), but I assume that your transmissions would be picked up at the tower and intercepted soon after (and, of course, forwarded on to their destination).
      So you'd see no difference in service (except maybe latency).
      • by Zerth (26112)

        Stuff sent through the blackberry network is encrypted on the device, sent to Canada and then either decrypted and forwarded to the open internet, sent on to a BES at some other company, or forwarded to another blackberry.

    • by NevDull (170554)

      It might actually be Blackberry Messenger that they're up in arms about more than e-mail, with its more real-time nature being perceived as an imminent threat in a terrorism situation.

    • by Fjandr (66656)

      So SSH to a secure server outside Saudi Arabia and send/receive email through a CLI mail program. Yeah, it's more of a PITA, but it allows you to still have unreadable communication. Unless they block all SSH traffic...

      • by h4rr4r (612664)

        Why a CLI mail program? Just setup the SSH tunnel and use whatever program you want.

        • by Fjandr (66656)

          The SSH client on a Blackberry doesn't lend itself well to that application, at least not as far as I'm aware. Would be interested in hearing about if someone has set something like that up.

  • by Statecraftsman (718862) * on Saturday August 07, 2010 @01:37PM (#33174562) Homepage
    reached a virtual standstill when the maintainers told Saudi Arabia to "stick it".
  • But of course (Score:2, Informative)

    by BangaIorean (1848966)

    Perhaps the governments of UAE and India would be satisfied, too, if only they had access to the messages transmitted.

    But of course. Like this guy has mentioned here [slashdot.org]. It's all about getting a server established in India.

  • Are you sure your country doesn't have such a deal? I can imagine how the talks went:
    "We are going to ban your hardware, because we can't listen in."
    "Why did you not say that earlier. Here is a server so you can listen in on everything. Oh and here are the keys for the backdoors, so you don't need to call us again."

    It is becoming scary how we all start to accept how easy and normal it is to gather information and listen in on people. Some people would call it privacy, I call it personal freedom and I will t

  • Clever, if evil. (Score:5, Insightful)

    by fuzzyfuzzyfungus (1223518) on Saturday August 07, 2010 @02:18PM (#33174784) Journal
    Architecturally, it looks like this deal will affect only BIS users, the ones that just walk up to the Phones-r-us kiosk and buy a blackberry and service plan. It won't have any effect on corporate customers running BES servers, since those have their own keys, and devices talking to them won't be dealing with the BIS servers being set up in Saudi Arabia.

    Thus, the customers most likely to complain, and make their complaints felt in the pocketbook, are unaffected, while the little people are ever more transparent.
  • All of this hubbub comes around the time of the big Wikileaks document release.

    What does it say about us that not only do our governments want to keep secrets "safe" from us, but that for us to be able to keep secrets is dangerous.

    The only difference is that they presume themselves innocent, and presume us guilty.

    • Re: (Score:2, Insightful)

      by ldconfig (1339877)
      1984 was a warning but sadly its turned into a how-to manual.
      • by Thing 1 (178996)

        1984 was a warning but sadly its turned into a how-to manual.

        "Wake up!" sings Danny Elfman, in my sig. That was 27 years ago, and it has gotten much worse since.

  • by cecom (698048) on Saturday August 07, 2010 @03:19PM (#33175096) Homepage Journal

    People deserve the freedom they get. Have you read the comments on BBC's article.
    http://www.bbc.co.uk/news/technology-10899338 [bbc.co.uk]
    Let me quite a few:

    Abu Mohd, Riyadh, Saudi Arabia

    I am an expat living in Saudi Arabia. For me the Blackberry is key to staying in contact with my family and friends in a way that I cannot do with other messaging services. I hope Saudi Arabia and RIM solve this situation. There are many people that work here who are away from their families that use this service. This ban would be one more reason to not come here, it does not help to the development of this country.

    Suresh Haridas, Al khobar, Saudi Arabia

    BlackBerry made our life much easier, whether we are using e-mail, internet, or BBM. A lot of people/students such as myself who live thousands of miles away from their family and friends really depend on BBM as a convenient medium to communicate. There is nothing compared to BBM in terms of quickness, convenience, and cost. On the other hand, I understand why governments such as Saudi Arabia, UAE, and others feel threatened. However, I am wondering why BlackBerry does not help these countries in terms of monitoring data and using their own servers to get to encrypted information.

    Rakan H, Riyadh, Saudi Arabia

    I am one of the youths who owns a BlackBerry and I completely agree that it is a major step in my country to protect it against any terrorist or anything that might affect our security. Also I believe all countries like the US should consider the same thing, because it is a tool that can be used among those people who can get access to national security and cause terror to communities. It is a perfect tool for them, cutting it off worldwide will definitely reduce the amount of global issues occurring. If it is necessary to protect the country then why not!

    Jim, Singapore

    I am a Canadian, living in Dubai and dreading losing my Blackberry. Most people I know are aware of the high level of security in the UAE and appreciate the benefits it provides. I would much rather lose some personal freedoms than take a chance with security. RIM has to understand that Dubai is a transit point for trade and potentially terrorism. Its population is continuously changing as over 80% of its residents are foreigners. UAE's high level of security is in the interests of the West. I am hopeful for a positive resolution but am not brave enough to buy up all the handsets that are selling cheap.

    Ara, Dubai, UAE

    Whilst it's perfectly true that any invasion of personal privacy in the name of national security is usually resented, I don't really understand the sense of outrage on this one. After all, don't the western intelligence agencies have extensive gathering facilities for the same sort of thing? I don't see the Gulf states doing anything more than our own governments, like it or not.

  • by cecom (698048)

    One would assume that this is all pointless, since anybody could just use a web service via https.

    However one would also assume that these governments control at least one trusted signing authority, so they can freely intercept any https.

    • Re: (Score:2, Informative)

      httpS is also not trustable. MITM attacks are not hard (buy the right piece of 'security appliance' and it will fool both ends of the SSL attack. I interviewed at various bay area companies (networking field) and they ALL are trying/doing this, now. very sad and very eye-opening.

      I will never trust the 's' in https again now that I've seen how bad the end-to-end 'authentication' is.

      • Re: (Score:3, Informative)

        by cecom (698048)

        I am pretty sure no security appliance can fool anything unless it can present a security certificate that my browser trusts. That can work in a corporate environment, a school, etc, but definitely not in general.

        In any case, you can trust https only to the extent you can trust the CAs. If there are any CAs in China, UAE, etc, then you can be sure the respective governments can issue a certificate for *.com :-)

  • Will the Committee for the Promotion of Virtue and the Prevention of Vice [wikipedia.org] have access?

    This makes a Blackberry useless for business purposes. In most of the countries involved, the Government itself owns major businesses. Nobody in the oil business would want to discuss anything related to a Government deal (which is most of them) over a Blackberry now.

  • I guess Dubai doesn't trust Halliburton anymore, then? Poor Dick Cheney, I hope he gets over it.
  • Assuming you have a BES server in your organization...

    Blackberries, AFAIK, send their data encrypted via the cell provider (RIM has servers on site?), then to RIM's central hub, and then to your BES server at your office, with high-grade end-to-end encryption.

    "We're more secure" I think is their selling point.

    How is that more secure, than say, an iPhone/Android communicating to an Exchange server directly over the internet but using quality SSL (ie, 2048 bit key, 128 bit AES, etc)?

    Is direct, over the Intern

    • by Sabriel (134364)

      If the SSL keys came from a certificate store which has made a silent agreement with a state, that state can decrypt any of your communications that pass through that state's infrastructure (or are otherwise obtainable).

      Furthermore, if I've been following things correctly, RIM's "selling point" is that (a) your corporate keys aren't known even by RIM, and consumer keys are known only by RIM and not anyone else, and (b) the Blackberry hardware is designed/certified to resist tampering to a degree that your t

      • by AHuxley (892839)
        Yes its a interesting thought experiment. Do the locals get 24/7 spyware, something at the back end server pump out plain text as needed? If the devices are hand held encrypt at A send, decrypt at at B, whats the solution to get plain text? World wide a lot of smart people should be thinking ummmm????
      • by swb (14022)

        Cert vendors can play games, but don't they just sign public keys? AFAIK, SSL certificate request doesn't include the private key, so a CA doesn't have it. Don't they just sign it for validity and provide some authentication that the cert buyer is who they claim to be?

        Even if SSL cert vendors *did* get private keys, there's nothing stopping the paranoid from using self-signed certs which with the right encryption would be highly resistant to tampering or interception.

        I can see where hardening the device

  • If anybody didn't understand why the secret service took away Obama's crackberry, it should be pretty clear now.

What this country needs is a good five dollar plasma weapon.

Working...