Forgot your password?
typodupeerror
Censorship Cellphones Communications Encryption Government Handhelds Security Your Rights Online

Saudi Says RIM Deal Reached; BlackBerry OK, If We Can Read the Messages 185

Posted by timothy
from the envelopes-ok-but-must-be-clear dept.
crimeandpunishment writes "There's a deal on the table to avert a ban on Blackberry's messenger service in Saudi Arabia. A Saudi regulatory official, speaking on the condition of anonymity, told the Associated Press the deal involves placing a server in Saudi Arabia ... and letting the government monitor users' messages, easing Saudi concerns over security and criminal usage. The deal could have wide-ranging implications, given how many other countries have expressed similar concerns, or in the case of the United Arab Emirates, have threatened to block Blackberry email and messaging services." Perhaps the governments of UAE and India would be satisfied, too, if only they had access to the messages transmitted.
This discussion has been archived. No new comments can be posted.

Saudi Says RIM Deal Reached; BlackBerry OK, If We Can Read the Messages

Comments Filter:
  • But of course (Score:2, Informative)

    by BangaIorean (1848966) on Saturday August 07, 2010 @01:41PM (#33174594)

    Perhaps the governments of UAE and India would be satisfied, too, if only they had access to the messages transmitted.

    But of course. Like this guy has mentioned here [slashdot.org]. It's all about getting a server established in India.

  • by Anonymous Coward on Saturday August 07, 2010 @01:50PM (#33174658)

    Note: They never said they would not give a government access to private customers (BIS) as they will do in this case, they said they COULD not give anyone access to enterprise customers (BES) simply 'cause they don't have the keys...

  • Re:https? (Score:2, Informative)

    by TheGratefulNet (143330) on Saturday August 07, 2010 @04:28PM (#33175512)

    httpS is also not trustable. MITM attacks are not hard (buy the right piece of 'security appliance' and it will fool both ends of the SSL attack. I interviewed at various bay area companies (networking field) and they ALL are trying/doing this, now. very sad and very eye-opening.

    I will never trust the 's' in https again now that I've seen how bad the end-to-end 'authentication' is.

  • by thePowerOfGrayskull (905905) <marc.paradise@NOspaM.gmail.com> on Saturday August 07, 2010 @04:29PM (#33175520) Homepage Journal

    Guess they don't have any backbone to just drop the country and let the end-users take action.

    It's interesting how we keep seeing a conflation of two different issues.

    BES (enterprise) cannot be monitored. All traffic is encrypted - while it travels through RIM servers, it is encrypted with a key owned by the companies running BES. This includes email and - if I recall correctly -- BlackBerry messenger messages. This means that only devices that have the appropriate keys can decrypt the traffic. No matter what deals are reached, this can't be changed by RIM.

    BIS (consumer) is routed through BB servers, and is not encrypted (or in the case of BBM not unbreakably encrypted). This can be monitored and probably is in many places.

    So in the past few days, we've seen RIM make an announcement over how BES is utterly secure. This has not changed at all - without the keys that companies own, BES traffic can't be decrypted -- RIM devices natively support TripleDES, AES128/192/256, and a host of other crypto algorithms. I don't think anyone's managed to break them so far, at least not in any practical sense...

    Presumably what's happened is that RIM is providing access to monitor BIS (consumer) traffic -- which is something that they've done in other places as well and has prior precedent.

  • by PopeRatzo (965947) * on Saturday August 07, 2010 @04:51PM (#33175624) Homepage Journal

    From watching the news, I would never have thought crime was decreasing.

    Amazing, isn't it? You'd think that crime was completely out of control.

    Even crime along the US/Mexican border has decreased for each of the last 5 years. From all the hollering in Arizona, you'd think that it was completely lawless, when in fact, crime rates are significantly down.

  • Re:https? (Score:3, Informative)

    by cecom (698048) on Saturday August 07, 2010 @06:51PM (#33176426) Homepage Journal

    I am pretty sure no security appliance can fool anything unless it can present a security certificate that my browser trusts. That can work in a corporate environment, a school, etc, but definitely not in general.

    In any case, you can trust https only to the extent you can trust the CAs. If there are any CAs in China, UAE, etc, then you can be sure the respective governments can issue a certificate for *.com :-)

  • by Alcoholist (160427) on Saturday August 07, 2010 @09:45PM (#33177394) Homepage

    The problem with freedom is that it never seems to involve corporations or governments.

    The the solution to this particular problem is easy, simply let the users run their own encryption with their own software and own keys on their own hardware. I'm surprised such a thing doesn't exist now for the Blackberry. Oh wait, it does [pgp.com]. All RIM has to do is tell these dumb governments that "yep, you can read the stuff on our servers," while at the same time paying bloggers under the table to spread word on how to install third party encryption.

    If these governments are still really pissed off about it, they can start arresting users for having encryption software and they can keep on doing that until people finally get the notion they are living in a police state and maybe want to do something about it.

Today's scientific question is: What in the world is electricity? And where does it go after it leaves the toaster? -- Dave Barry, "What is Electricity?"

Working...