BLACKBERRY
BLUES
AUGUST 6th 2010
RIM was the
first company in the mobile phone business to uderstand that the way to
crack the business market was to convince lawyers their message would
be private and confidential. Lawyers are by nature technophobes, and
although smart phones had been around for years, and email over mobiles
possible before GPRS, let alone G3 etc, it was the Blackberry that
broke into the market of non-technical business users with encryption
and 'push-email', which meant the receiving party need to do and know
nothing in order to find their new email instantly on their phone.
Other operators
missed a trick there but they did not want to court trouble and expense
as they were going for the mass market. Ironically they missed the
up-market mass market as a result and may users started to buy
Blackberries not realising a good Nokia was all they needed and could
have been using for years.
Encryption for
email had been available for all since 1991 - the first version of PGP
was written by Philip Zimmerman. (Hi Phil, long time no see)
It is now
available after a history of developers, suppliers and advisors at http://www.pgp.com/index.html
What is now
apparently worrying some countries afflicted by terrorist operations is
the combination of mass use of encryption on a very large number of
Blackberry mobile phones as a standard, without any effort or intention
on behal;f of the users, making the flood of encrypted messages in
email and short messaging so great that nothing stands out. Because,
lets face it, it is only a pattern of communication related to
movements and/or identities of users that can narrow down targets to a
number where any interception or analysis is possible even if
warrented, by authorised security services on their proper business.
As Susan
Taylor and Souhail Karam reporting for Reuters
put it [ http://news.yahoo.com/s/nm/20100805/ts_nm/us_blackberry ]:
"RIM
has
said
BlackBerry
security
is
based on a system where customers
create their own keys. The company neither has a master key nor any
"back door" to let RIM or third parties to gain access to data.
But
one
security
expert
said
the
RIM system was not impregnable. "I could
design a good hundred ways to gain access," said Bruce Schneier, chief
security technology officer for BT.
The company said Wednesday it has never
provided anything unique to the government of one country and cannot
accommodate any request for a copy of a customer's
encryption
key."
Cracking an
encyphered message is one thing, cracking quite a lot in a short time
is another, even if you are head of security at BT. Scanning many
encrypted messages for keywords if you are a security service in a
hurry is quite another game - impossible.
It is unfortunate for Blackberry that they should fall foul of this
conflict of interest simply because they are making what is in effect
possible for anyone on the Internet available to all their mobile phone
users.
Ordinary email
is in fact quite secure enough for ordinary usage providing users know
what they are doing, use good services and are not the target of those
with abnormal access and privilege. Ordinary mobiles send scrambled
signals over the wireless frequencies in any event.
No doubt some
modus vivendi will be worked out, but I do see the difficulty. If
encryption is an option on Blackberries, some users might rather switch
it off than lose facility but others have come to expect it for
commercial privacy. There is no way governments equipped with the most
sophisticated means of breaking cyphers are going to supply the
software and hardware to other governments. There is no way RIM can
offer special advice or treatment. It will be interesting to see how
this is resolved and if we are ever told how it is resolved. I for one
do not need to know, I would rather guess.
AUGUST 13th 2010
It seems the solution is for RIM to tell all governments in the
countries they wish their mobiles to work fully, who don't already know
how to crack the encryption, how to do it.
Research In Motion has promised India a technical solution for
decoding encrypted BlackBerry data, a senior official said on Friday, a
step that could allay Indian security concerns about the smartphone and
avert a shutdown.
http://news.yahoo.com/s/nm/20100813/ts_nm/us_blackberry
AUGUST
17th 2010
For those innocents who are wondering why other phones are not so
affected and if their network access will be blocked if they send
encrypted messages I include this para from Wikipedia, discussing
push-email, which applies to this issue in general. Non-proprietory GSM
mobile email systems use any available networl with a roaming
agreement, or a local sim card can be inserted in your GSM phone.
Most non-proprietary solutions are network
independent, meaning that as long as a device is data enabled and
has an e-mail client, it will have the ability to send/receive e-mails
in any country and via any telco that has data service on its network.
It also means that so long as the device itself is not SIM locked (in the case of GSM systems), the constraints of
BlackBerry such as network locking, vendor locking (BlackBerry devices
and BlackBerry Connect devices) and data-roaming charges (for non-home
access) are not an issue. For a GSM
system, pop in a local SIM card in any country the user is in, have the
correct APN settings and get your mail at LOCAL rates.
nnnn