BLACKBERRY BLUES

AUGUST 6th 2010
RIM was the first company in the mobile phone business to uderstand that the way to crack the business market was to convince lawyers their message would be private and confidential. Lawyers are by nature technophobes, and although smart phones had been around for years, and email over mobiles possible before GPRS, let alone G3 etc, it was the Blackberry that broke into the market of non-technical business users with encryption and 'push-email', which meant the receiving party need to do and know nothing in order to find their new email instantly on their phone. Other operators missed a trick there but they did not want to court trouble and expense as they were going for the mass market. Ironically they missed the up-market mass market as a result and may users started to buy Blackberries not realising a good Nokia was all they needed and could have been using for years.


Encryption for email had been available for all since 1991 - the first version of PGP was written by Philip Zimmerman. (Hi Phil, long time no see)

It is  now available after a history of developers, suppliers and advisors at http://www.pgp.com/index.html

What is now apparently worrying some countries afflicted by terrorist operations is the combination of mass use of encryption on a very large number of Blackberry mobile phones as a standard, without any effort or intention on behal;f of the users, making the flood of encrypted messages in email and short messaging so great that nothing stands out. Because, lets face it, it is only a pattern of communication related to movements and/or identities of users that can narrow down targets to a number where any interception or analysis is possible even if warrented, by authorised security services on their proper business.

As Susan Taylor and Souhail Karam reporting for Reuters put it [ http://news.yahoo.com/s/nm/20100805/ts_nm/us_blackberry ]:

"RIM has said BlackBerry security is based on a system where customers create their own keys. The company neither has a master key nor any "back door" to let RIM or third parties to gain access to data.

But one security expert said the RIM system was not impregnable. "I could design a good hundred ways to gain access," said Bruce Schneier, chief security technology officer for BT.

The company said Wednesday it has never provided anything unique to the government of one country and cannot accommodate any request for a copy of a customer's encryption key."

Cracking an encyphered message is one thing, cracking quite a lot in a short time is another, even if you are head of security at BT. Scanning many encrypted messages for keywords if you are a security service in a hurry is quite another game - impossible.

It is unfortunate for Blackberry that they should fall foul of this conflict of interest simply because they are making what is in effect possible for anyone on the Internet available to all their mobile phone users.


Ordinary email is in fact quite secure enough for ordinary usage providing users know what they are doing, use good services and are not the target of those with abnormal access and privilege. Ordinary mobiles send scrambled signals over the wireless frequencies in any event.

No doubt some modus vivendi will be worked out, but I do see the difficulty. If encryption is an option on Blackberries, some users might rather switch it off than lose facility but others have come to expect it for commercial privacy. There is no way governments equipped with the most sophisticated means of breaking cyphers are going to supply the software and hardware to other governments. There is no way RIM can offer special advice or treatment. It will be interesting to see how this is resolved and if we are ever told how it is resolved. I for one do not need to know, I would rather guess.



AUGUST 13th 2010
It seems the solution is for RIM to tell all governments in the countries they wish their mobiles to work fully, who don't already know how to crack the encryption, how to do it.
Research In Motion has promised India a technical solution for decoding encrypted BlackBerry data, a senior official said on Friday, a step that could allay Indian security concerns about the smartphone and avert a shutdown.
http://news.yahoo.com/s/nm/20100813/ts_nm/us_blackberry

AUGUST 17th 2010
For those innocents who are wondering why other phones are not so affected and if their network access will be blocked if they send encrypted messages I include this para from Wikipedia, discussing push-email, which applies to this issue in general. Non-proprietory GSM mobile email systems use any available networl with a roaming agreement, or a local sim card can be inserted in your GSM phone.
Most non-proprietary solutions are network independent, meaning that as long as a device is data enabled and has an e-mail client, it will have the ability to send/receive e-mails in any country and via any telco that has data service on its network. It also means that so long as the device itself is not SIM locked (in the case of GSM systems), the constraints of BlackBerry such as network locking, vendor locking (BlackBerry devices and BlackBerry Connect devices) and data-roaming charges (for non-home access) are not an issue. For a GSM system, pop in a local SIM card in any country the user is in, have the correct APN settings and get your mail at LOCAL rates.


nnnn