Dubai's Police Chief Calls BlackBerry a Spy Tool 215
crimeandpunishment writes "Does the battle over the Blackberry ban in the United Arab Emirates have its roots in a spy story? Dubai's police chief says concern over espionage (specifically, by the US and Israel) led to the decision to limit BlackBerry services. The UAE says it will block BlackBerry email, messaging, and web services on October 11th unless it gets access to encrypted data. Comments by Lt. Gen. Dahi Khalfan Tamim are often seen as reflecting the views of Dubai's leadership, and would appear to indicate a very hard line in talks with Research in Motion."
Re:Is there anything special about RIM security? (Score:3, Informative)
Another non-blackberry user here, but from what I understand, what they provide is something like PGP on top of mail; your message gets encrypted using a private/public key system such that it's not vulnerable to man-in-the-middle attacks, which SSL/TLS (https/imaps) can be susceptible to.
Re:Is there anything special about RIM security? (Score:1, Informative)
I believe how Blackberry email works is that *everything* goes through RIM's servers. You can't point it at a non-RIM server; at least not without some hacking.
Re:Shoes a spy tool (Score:4, Informative)
Why is it so weird when other countries in turn demand the same kind of access? If US wants to promote privacy of citizens, at least start doing it yourself first.
Just because our country does it, doesn't mean that we don't oppose it. We oppose violation of privacy in all its forms, including our own government's.
Re:Let's try this again. "If only he knew..." (Score:3, Informative)
TEMPEST at a few hundred feet is pretty remarkable... you think it can be done in a satellite 50 miles high? Plus there's considerations such as the van allen belt and the ionosphere acting upon wavelength propagation, never mind the noise and attenuation distortions wielded upon an 2GHz+ clock rate of a typical system bus, or voltage balanced and shielded video cables at such great distances.
Now if you're thinking about satellite sweeping for wifi or cellular then it would be almost a given and certainly has a precedent - but otherwise I'm unconvinced that something could filter though a trashheap of digital noise from that distance.
Re:Politically prompted? (Score:4, Informative)
RIM has made it known that they are giving the encryption keys to BlackBerry communications to various governments - ergo, it makes some sense for Saudi Arabia to say that Saudi businessmen are not allowed to use them despite the convenience, due to risk of business espionage by foreign governments.
Re:Is there anything special about RIM security? (Score:5, Informative)
Re:a system that pays attention to impenetrability (Score:1, Informative)
Because Israeli spies allegedly killed Mahmoud al Mabhouh [wikipedia.org] in Dubai in 2010 and suspicion is on Blackberries as the communication method. In Dubai you can buy a Blackberry at a supermarket - all you need to do is provide a photocopy of an ID card to the sales agent (who is not a Dubai citizen and probably can't even speak Arabic) - huge room for fraud. And since Dubai can no longer know who owns what blackberries (or even who bought it) they are trying to crack it open.
Before that Dubai wanted to show itself as open and safe for business and blackberry-friendly. Now someone abused that so they are cracking down.
Re:i'm so sick of this equivalency (Score:3, Informative)
"let's get this straight right off: there never existed, does not exist, and never will exist a government that does not spy on its citizens
do you understand that? it's called law enforcement."
FAIL.
Law enforcement doesn't need to spy and should not spy without reason and a court order. It is spying and watching as a matter of course,, prying into everyone's lives for no reason, that is the issue here.
And for fuck's sake lay off the "you just try that in iran and china!" line, it makes you look like a moron. Being better than some of the most repressive regimes on the planet isn't enough for me, is it enough for you?
The real issue (Score:5, Informative)
Dubai's police chief says concern over espionage (specifically, by the US and Israel) led to the decision to limit BlackBerry services.
Well of course he would say that. Despotic Arab regimes have always used the US and Israel as an excuse for their own totalitarianism and oppression of minorities.
The article details the real reason, as if it wasn't obvious:
Tamim told a conference on information technology that the proposed BlackBerry curbs are also "meant to control false rumors and defamation of public figures due to the absence of surveillance,"
Translation: It promotes freedom of expression, and limits the government's ability to control its people, which frightens the shit out of Arab dictators.
Re:a system that pays attention to impenetrability (Score:3, Informative)
God does not want people to breach state mandated monopolies? What next - God supported Stalin?
Artists made a living for millennia before copyright law.
Many professional programmers choose to make limited use of copyright protection (open source licences) or even waive them altogether (stuff like SQLite that is public domain).
Re:a system that pays attention to impenetrability (Score:5, Informative)
As the GP pointed out, Israeli intelligence actually murdered people in Dubai. Given that, they do have a reason to be a bit wary of the risks posed.
OF course it is a nasty feudal dictatorship, with a modern gloss to hide its underlying backwardness, but it still has genuine enimies.
Re:Nothing to do with it ... (Score:1, Informative)
This might have been the case when you were there, but is not so any longer.
A few more phone models? More like any model you could find in the US/Europe. There are several phone/internet provider alternatives (the most popular alternative is "du").
Re:Politically prompted? (Score:5, Informative)
http://www.planetrulers.com/current-dictators/ [planetrulers.com]
authoritarian regimes/dictatorships
Algeria - Abdelaziz Bouteflika, President of Algeria
Angola - Mr. Jose Eduardo dos Santos, President of Angola
Azerbaijan - Ilham Aliyev, President of Azerbaijan
Belarus - Aleksandr Lukashenko, President of Belarus
Bhutan - Jigme Khesar Namgyal Wangchuck, King of Bhutan
Brunei - Sultan Haji Hassanal Bolkiah Mu'izzaddin Waddaulah
Cambodia - His Majesty King Norodom Sihamoni, King of Cambodia
Cameroon - Paul Biya, President of Cameroon
Chad - Idriss Deby, President of Chad
China - Hu Jintao, President of China
Congo, Dem. Rep. of - Isidore Mvouba, Prime Minister of Congo
Côte d'Ivoire - Laurent Gbagbo, President of Cote d'Ivoire
Cuba - Raul Castro, President of Cuba
Egypt - Hosny Mubarak, President of Egypt
Equatorial Guinea - OBIANG NGUEMA MBASOGO, President
Eritrea - Isaias Afwerki, President of Eritrea
Guinea - Lansana Conte, President of Guinea
Iran - Mahmoud Ahmadi Nejad, President of Iran
Iraq - Jalal Talabani, President of Iraq
Kazakhstan - Nursultan Nazarbaev, President of Kazakhstan
Laos - Lieutenant General Choummaly Sayasone, President
Libya - Muammar Abu Minyar al-Gaddafi, Leader of Libya
Myanmar (Burma) - Soe Win, Prime Minister of Myanmar (Burma)
North Korea - Kim Jong-il, President of North Korea
Oman - Qaboos bin Said Al-Said, Prime Minister of Oman
Pakistan - Pervez Musharraf, President of Pakistan
Qatar - Sheikh Hamad Bin Jassim Bin Jabr Al-Thani
Russia - Dmitry Anatolyevich Medvedev, President of Russia
Rwanda - Paul Kagame, President of Rwanda
Saudi Arabia - King Fahd bin Abdul Aziz, King of Saudi Arabia
Somalia - Abdullahi Yusuf Ahmed, President of Somalia
Sudan - Omar H.A. Al-Bashier, President of Sudan
Swaziland - Mswati III, King of Swaziland
Syria - Bashar al-Assad, President of Syria
Tajikistan - Emomalii Rahmon, President of Tadjikistan
Thailand - Surayut Chulanon, Royal Prime Minister of Thailand
Togo - Faure Essozimna Gnassingbe, President of Togo
Tunisia - Zine el Abidine Ben Ali, President of Tunisia
Turkmenistan - Gurbanguly BERDIMUHAMEDOW, President of Turkmenistan
United Arab Emirates - Sheikh Khalifa bin Zayed Al Nahyan
Uzbekistan - Islam Abdughanievich Karimov, President of Uzbekistan
Vietnam - Nong Duc Manh, President of Vietnam
Zimbabwe - Robert (Gabriel) Mugabe, President of Zimbabwe
Re:One single mistake and BB/RIM will be doomed (Score:3, Informative)
Look to Youtube, a certain country said "pull this video, pull that, setup office here, pay taxes". You know what Youtube did? Ignored! Don't they lose money/marketshare? Of course they do.
Sorry to burst your bubble, but that is simply not true. Try surfing YouTube in Germany, for instance. Lots and LOTS of videos are pulled or "not available in your country", they do pay out some local media conglomerates, and, guess what, Google has offices here too.
Re:Shoes a spy tool (Score:1, Informative)
Storing your private key in 2 places is traditionally a bad idea. Especially when one of those places is in the hands of a company which can be compelled to hand it over without telling you.
But the company can already do that. They own & run the email server - they already have full access to the email server. Keeping the encryption key doesn't give them any additional access that they didn't already have.
The blackberry platform is only a secure conduit between the handheld and the email server. The email server admin already has full access to the email server (and your email). The access level of the email server admin isn't changed by the blackberry platform.
If the goal were to simply be able to send data securely between your secure enterprise account and your blackberry then your secure enterprise account should only have your public key with which to encrypt data it sends to you and your private key should remain in your hands and your hands alone.
You really don't understand public key encryption. The entire content is not actually encrypted with RSA (or DSA). The RSA public/private key pair is used to encrypt a session key for a conventional cipher (AES in this case). The actual content is encrypted by a conventional non-public key cipher.
Idealy the secure enterprise account shouldn't be able to decrypt your data at all.
No. At some point your messages have to leave the encrypted realm and enter the email server.
Now this could be for the sake of efficiency since public key crypto takes more cpu cycles but simply put if the US government asked for your private key, lets say they sent an NSL, RIM would be able to give it to them.
That is not a secure system.
A secure system would be one where only you have your private key and where blackberry merely validates certificates.
You're an ignorant moron. A secure system does not depend on RIM to validate certificates. It's must better not to have to trust anyone.
With a blackberry enterprise server, RIM does not have encryption keys to hand over to the US government (or any other). The keys are on the blackberry enterprise server and on the handheld.
Sending a NSL to RIM to hand over my encryption key is as useful as sending a NSL ordering you to hand over my encryption key. As much as you hate me for pointing out that you really don't understand encryption, YOU DON'T HAVE MY ENCRYPTION KEY TO HAND OVER TO THE GOVERNMENT. RIM DOESN'T HAVE THE ENCRYPTION KEY EITHER.
That is the part that the governments of India, UAE, Saudi Arabia and others are having trouble understanding.
In which case anyone who wanted to read your communications would have to perform an explicit man in the middle attack after strong-arming blackberry into signing a cert for them.
There have been many, many successful attacks based on spoofing certificate authorities or errors in validating certificates. That is why RIM doesn't do it.
Your proposal gives RIM the ability to access the encrypted messages. Instead, RIM designed a better system where RIM is NOT in the encryption loop. The key exchange between a blackberry enterprise server and handheld can be done by direct USB cable connection - good look spoofing that.
So to make it genuinely secure you'd have to use public key crypto and let people choose their own certificate service in which case it would be as secure as the cert service and devices themselves.
And there is the flaw in your reasoning. There have been many, many successful attacks based on spoofing certificate authorities or errors in validating certificates.
Re:Nothing to do with it ... (Score:1, Informative)
Now, 12 years, later, there is a few more phone models, but still only one (1) line provider, one (1) internet provider, one (1) e-mail service ... wanna take a guess who it is ?
Whichever of Sheikh Khalifa's brothers is running Etisalat doesn't want his business fucked up, and the possibility of anyone using IT without Etisalat getting their pound of flesh is unthinkable. THAT is why they are putting the screws on RIM.
You most likely don't live in Dubai anymore.
UAE has got another telphone/internet provider since 2006: http://en.wikipedia.org/wiki/Emirates_Integrated_Telecommunications_Company.