Forgot your password?
typodupeerror
Security Cellphones Encryption Government Privacy

Dubai's Police Chief Calls BlackBerry a Spy Tool 215

Posted by Soulskill
from the my-name-is-michael-westen dept.
crimeandpunishment writes "Does the battle over the Blackberry ban in the United Arab Emirates have its roots in a spy story? Dubai's police chief says concern over espionage (specifically, by the US and Israel) led to the decision to limit BlackBerry services. The UAE says it will block BlackBerry email, messaging, and web services on October 11th unless it gets access to encrypted data. Comments by Lt. Gen. Dahi Khalfan Tamim are often seen as reflecting the views of Dubai's leadership, and would appear to indicate a very hard line in talks with Research in Motion."
This discussion has been archived. No new comments can be posted.

Dubai's Police Chief Calls BlackBerry a Spy Tool

Comments Filter:
  • by oiron (697563) on Sunday September 05, 2010 @02:56AM (#33480102) Homepage

    Another non-blackberry user here, but from what I understand, what they provide is something like PGP on top of mail; your message gets encrypted using a private/public key system such that it's not vulnerable to man-in-the-middle attacks, which SSL/TLS (https/imaps) can be susceptible to.

  • by Anonymous Coward on Sunday September 05, 2010 @02:58AM (#33480118)

    I believe how Blackberry email works is that *everything* goes through RIM's servers. You can't point it at a non-RIM server; at least not without some hacking.

  • Re:Shoes a spy tool (Score:4, Informative)

    by pitchpipe (708843) on Sunday September 05, 2010 @03:13AM (#33480174)

    Why is it so weird when other countries in turn demand the same kind of access? If US wants to promote privacy of citizens, at least start doing it yourself first.

    Just because our country does it, doesn't mean that we don't oppose it. We oppose violation of privacy in all its forms, including our own government's.

  • TEMPEST at a few hundred feet is pretty remarkable... you think it can be done in a satellite 50 miles high? Plus there's considerations such as the van allen belt and the ionosphere acting upon wavelength propagation, never mind the noise and attenuation distortions wielded upon an 2GHz+ clock rate of a typical system bus, or voltage balanced and shielded video cables at such great distances.

    Now if you're thinking about satellite sweeping for wifi or cellular then it would be almost a given and certainly has a precedent - but otherwise I'm unconvinced that something could filter though a trashheap of digital noise from that distance.

  • by Peeteriz (821290) on Sunday September 05, 2010 @03:36AM (#33480246)

    RIM has made it known that they are giving the encryption keys to BlackBerry communications to various governments - ergo, it makes some sense for Saudi Arabia to say that Saudi businessmen are not allowed to use them despite the convenience, due to risk of business espionage by foreign governments.

  • by Lehk228 (705449) on Sunday September 05, 2010 @03:41AM (#33480262) Journal
    the blackberry connects to RIM and RIM connects to your email, or if you are corporate the blackberry points to the corporate BES server, the link between the handset and RIM or between the handset and your company's BES server is heavilly encrypted, and in the case of BES servers even RIM cannot access the data, only your company's security staff and other authorized users, making it suitable for communicating confidential and trade secret information that a regular smartphone should not be handling. BES is also able to remotely control security settings and initiate a secure wipe.
  • by Anonymous Coward on Sunday September 05, 2010 @04:12AM (#33480338)

    Because Israeli spies allegedly killed Mahmoud al Mabhouh [wikipedia.org] in Dubai in 2010 and suspicion is on Blackberries as the communication method. In Dubai you can buy a Blackberry at a supermarket - all you need to do is provide a photocopy of an ID card to the sales agent (who is not a Dubai citizen and probably can't even speak Arabic) - huge room for fraud. And since Dubai can no longer know who owns what blackberries (or even who bought it) they are trying to crack it open.
    Before that Dubai wanted to show itself as open and safe for business and blackberry-friendly. Now someone abused that so they are cracking down.

  • by Nursie (632944) on Sunday September 05, 2010 @04:36AM (#33480398)

    "let's get this straight right off: there never existed, does not exist, and never will exist a government that does not spy on its citizens
    do you understand that? it's called law enforcement."

    FAIL.

    Law enforcement doesn't need to spy and should not spy without reason and a court order. It is spying and watching as a matter of course,, prying into everyone's lives for no reason, that is the issue here.

    And for fuck's sake lay off the "you just try that in iran and china!" line, it makes you look like a moron. Being better than some of the most repressive regimes on the planet isn't enough for me, is it enough for you?

  • The real issue (Score:5, Informative)

    by lewko (195646) on Sunday September 05, 2010 @05:06AM (#33480476) Homepage

    Dubai's police chief says concern over espionage (specifically, by the US and Israel) led to the decision to limit BlackBerry services.

    Well of course he would say that. Despotic Arab regimes have always used the US and Israel as an excuse for their own totalitarianism and oppression of minorities.

    The article details the real reason, as if it wasn't obvious:
    Tamim told a conference on information technology that the proposed BlackBerry curbs are also "meant to control false rumors and defamation of public figures due to the absence of surveillance,"

    Translation: It promotes freedom of expression, and limits the government's ability to control its people, which frightens the shit out of Arab dictators.

  • by the_womble (580291) on Sunday September 05, 2010 @05:27AM (#33480534) Homepage Journal

    God does not want people to breach state mandated monopolies? What next - God supported Stalin?

    Artists made a living for millennia before copyright law.

    Many professional programmers choose to make limited use of copyright protection (open source licences) or even waive them altogether (stuff like SQLite that is public domain).

  • by the_womble (580291) on Sunday September 05, 2010 @05:35AM (#33480558) Homepage Journal

    As the GP pointed out, Israeli intelligence actually murdered people in Dubai. Given that, they do have a reason to be a bit wary of the risks posed.

    OF course it is a nasty feudal dictatorship, with a modern gloss to hide its underlying backwardness, but it still has genuine enimies.

  • by Anonymous Coward on Sunday September 05, 2010 @06:37AM (#33480706)

    This might have been the case when you were there, but is not so any longer.

    A few more phone models? More like any model you could find in the US/Europe. There are several phone/internet provider alternatives (the most popular alternative is "du").

  • by HungryHobo (1314109) on Sunday September 05, 2010 @06:42AM (#33480722)

    http://www.planetrulers.com/current-dictators/ [planetrulers.com]

    authoritarian regimes/dictatorships

    Algeria - Abdelaziz Bouteflika, President of Algeria
    Angola - Mr. Jose Eduardo dos Santos, President of Angola
    Azerbaijan - Ilham Aliyev, President of Azerbaijan
    Belarus - Aleksandr Lukashenko, President of Belarus
    Bhutan - Jigme Khesar Namgyal Wangchuck, King of Bhutan
    Brunei - Sultan Haji Hassanal Bolkiah Mu'izzaddin Waddaulah
    Cambodia - His Majesty King Norodom Sihamoni, King of Cambodia
    Cameroon - Paul Biya, President of Cameroon
    Chad - Idriss Deby, President of Chad
    China - Hu Jintao, President of China
    Congo, Dem. Rep. of - Isidore Mvouba, Prime Minister of Congo
    Côte d'Ivoire - Laurent Gbagbo, President of Cote d'Ivoire
    Cuba - Raul Castro, President of Cuba
    Egypt - Hosny Mubarak, President of Egypt
    Equatorial Guinea - OBIANG NGUEMA MBASOGO, President
    Eritrea - Isaias Afwerki, President of Eritrea
    Guinea - Lansana Conte, President of Guinea
    Iran - Mahmoud Ahmadi Nejad, President of Iran
    Iraq - Jalal Talabani, President of Iraq
    Kazakhstan - Nursultan Nazarbaev, President of Kazakhstan
    Laos - Lieutenant General Choummaly Sayasone, President
    Libya - Muammar Abu Minyar al-Gaddafi, Leader of Libya
    Myanmar (Burma) - Soe Win, Prime Minister of Myanmar (Burma)
    North Korea - Kim Jong-il, President of North Korea
    Oman - Qaboos bin Said Al-Said, Prime Minister of Oman
    Pakistan - Pervez Musharraf, President of Pakistan
    Qatar - Sheikh Hamad Bin Jassim Bin Jabr Al-Thani
    Russia - Dmitry Anatolyevich Medvedev, President of Russia
    Rwanda - Paul Kagame, President of Rwanda
    Saudi Arabia - King Fahd bin Abdul Aziz, King of Saudi Arabia
    Somalia - Abdullahi Yusuf Ahmed, President of Somalia
    Sudan - Omar H.A. Al-Bashier, President of Sudan
    Swaziland - Mswati III, King of Swaziland
    Syria - Bashar al-Assad, President of Syria
    Tajikistan - Emomalii Rahmon, President of Tadjikistan
    Thailand - Surayut Chulanon, Royal Prime Minister of Thailand
    Togo - Faure Essozimna Gnassingbe, President of Togo
    Tunisia - Zine el Abidine Ben Ali, President of Tunisia
    Turkmenistan - Gurbanguly BERDIMUHAMEDOW, President of Turkmenistan
    United Arab Emirates - Sheikh Khalifa bin Zayed Al Nahyan
    Uzbekistan - Islam Abdughanievich Karimov, President of Uzbekistan
    Vietnam - Nong Duc Manh, President of Vietnam
    Zimbabwe - Robert (Gabriel) Mugabe, President of Zimbabwe

  • by mxs (42717) on Sunday September 05, 2010 @07:05AM (#33480762)

    Look to Youtube, a certain country said "pull this video, pull that, setup office here, pay taxes". You know what Youtube did? Ignored! Don't they lose money/marketshare? Of course they do.

    Sorry to burst your bubble, but that is simply not true. Try surfing YouTube in Germany, for instance. Lots and LOTS of videos are pulled or "not available in your country", they do pay out some local media conglomerates, and, guess what, Google has offices here too.

  • Re:Shoes a spy tool (Score:1, Informative)

    by Anonymous Coward on Sunday September 05, 2010 @01:46PM (#33482176)

    Storing your private key in 2 places is traditionally a bad idea. Especially when one of those places is in the hands of a company which can be compelled to hand it over without telling you.

    But the company can already do that. They own & run the email server - they already have full access to the email server. Keeping the encryption key doesn't give them any additional access that they didn't already have.

    The blackberry platform is only a secure conduit between the handheld and the email server. The email server admin already has full access to the email server (and your email). The access level of the email server admin isn't changed by the blackberry platform.

    If the goal were to simply be able to send data securely between your secure enterprise account and your blackberry then your secure enterprise account should only have your public key with which to encrypt data it sends to you and your private key should remain in your hands and your hands alone.

    You really don't understand public key encryption. The entire content is not actually encrypted with RSA (or DSA). The RSA public/private key pair is used to encrypt a session key for a conventional cipher (AES in this case). The actual content is encrypted by a conventional non-public key cipher.

    Idealy the secure enterprise account shouldn't be able to decrypt your data at all.

    No. At some point your messages have to leave the encrypted realm and enter the email server.

    Now this could be for the sake of efficiency since public key crypto takes more cpu cycles but simply put if the US government asked for your private key, lets say they sent an NSL, RIM would be able to give it to them.
    That is not a secure system.
    A secure system would be one where only you have your private key and where blackberry merely validates certificates.

    You're an ignorant moron. A secure system does not depend on RIM to validate certificates. It's must better not to have to trust anyone.

    With a blackberry enterprise server, RIM does not have encryption keys to hand over to the US government (or any other). The keys are on the blackberry enterprise server and on the handheld.

    Sending a NSL to RIM to hand over my encryption key is as useful as sending a NSL ordering you to hand over my encryption key. As much as you hate me for pointing out that you really don't understand encryption, YOU DON'T HAVE MY ENCRYPTION KEY TO HAND OVER TO THE GOVERNMENT. RIM DOESN'T HAVE THE ENCRYPTION KEY EITHER.

    That is the part that the governments of India, UAE, Saudi Arabia and others are having trouble understanding.

    In which case anyone who wanted to read your communications would have to perform an explicit man in the middle attack after strong-arming blackberry into signing a cert for them.

    There have been many, many successful attacks based on spoofing certificate authorities or errors in validating certificates. That is why RIM doesn't do it.

    Your proposal gives RIM the ability to access the encrypted messages. Instead, RIM designed a better system where RIM is NOT in the encryption loop. The key exchange between a blackberry enterprise server and handheld can be done by direct USB cable connection - good look spoofing that.

    So to make it genuinely secure you'd have to use public key crypto and let people choose their own certificate service in which case it would be as secure as the cert service and devices themselves.

    And there is the flaw in your reasoning. There have been many, many successful attacks based on spoofing certificate authorities or errors in validating certificates.

  • by Anonymous Coward on Sunday September 05, 2010 @04:48PM (#33483244)

    Now, 12 years, later, there is a few more phone models, but still only one (1) line provider, one (1) internet provider, one (1) e-mail service ... wanna take a guess who it is ?

    Whichever of Sheikh Khalifa's brothers is running Etisalat doesn't want his business fucked up, and the possibility of anyone using IT without Etisalat getting their pound of flesh is unthinkable. THAT is why they are putting the screws on RIM.

    You most likely don't live in Dubai anymore.

    UAE has got another telphone/internet provider since 2006: http://en.wikipedia.org/wiki/Emirates_Integrated_Telecommunications_Company.

Little known fact about Middle Earth: The Hobbits had a very sophisticated computer network! It was a Tolkien Ring...

Working...