The Register® — Biting the hand that feeds IT

Feeds

Indonesia joins BlackBerry wiretapping pile-on

Stops short of ban threat

By Christopher Williams, 5th August 2010
  • print
  • alert

Agentless Backup is Not a Myth

Indonesia has joined Middle Eastern states to put pressure on RIM to provide authorities with BlackBerry interception capabilities.

Today its communications regulator toned down earlier rhetoric, however, saying "so far there is absolutely no plan" to follow the UAE and Saudi Arabia in threatening to restrict BlackBerry services.

Indonesia said it had appealed to the firm last year to establish a local data centre to assist law enforcement, but insisted it was "only a plea and there is no legal sanction". In most international markets, RIM routes encrypted BlackBerry communications its via facilities in Canada, avoiding interception laws (although large corporates typically run their own local servers).

There is a Google translation of Indonesia's position here.

Saudi Arabia plans to implement its restrictions on BlackBerry tomorrow, and the UAE has set a deadline of 11 October for RIM to fall into line. Both have complained at perceived double-standards over the firm's covert cooperation with Western government eavesdroppers.

Indonesia's more conciliatory tone is good news for RIM - the country has a rapidly growing economy and a population more than seven times that of the two Arab states combined.

Lord West, until recently UK security minister, seemed to provide hints the UK is able to access the content of BlackBerry emails and instant messenger conversations this week. In a debate on Newsnight he expressed no concern over monitoring RIM traffic.

The UK may have acquired the capability quite simply. BlackBerry's security is accredited by CESG, the information assurance arm of the interception agency GCHQ. Obtaining the endorsement requires manufacturers to open their source code to inspection. ®

What you need to know about cloud backup

COMMENTS

House Rules Send Corrections
All Reader Comments (5)
Highly Rated
JaitcH

RIM total privacy, except for Obama, is illusionary

Few hardware based encryption systems are government-intrusion proof and this includes RIM.

RIM servers are scattered around the world, not all traffic is routed through RIM Canada. The ever nosey Canadian Government's Communications Security Establishment Canada performs some functions as does the GCHQ. They have an interesting document here: < http://www.cse-cst.gc.ca/its-sti/publications/itsb-bsti/itsb57-eng.html>.

Note the following extract: "Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic “key” that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the “BlackBerry Solution Security Technical Overview” document [****] published by RIM specifically advises users to “consider PIN messages as scrambled, not encrypted”. "

[****] BlackBerry Enterprise Solution: Security Technical Overview, for BlackBerry Enterprise Server Version 4.1 Service Pack 5 and BlackBerry Device Software Version 4.5, Document Part #17930884 Version 2, Research-In-Motion, 2008. < http://docs.blackberry.com/en/admin/deliverables/3317/BB_Ent_Soln_Security_4.1.5_STO.pdf >

In other words RIM can, and does, provide the means to monitor in-country traffic.

If you want secure comms see < http://blogs.forbes.com/firewall/2010/05/25/android-app-aims-to-allow-wiretap-proof-cell-phone-calls/ >.

1
0
Jolyon Ralph

For further information...

http://www.newsbiscuit.com/2010/08/02/gulf-states-order-blackberry-users-to-cover-their-phones-in-a-tiny-burqa/

1
0
John 179

So much for cell phones

I think I'll just stick with my computer where I can use encrypt my email (with TrulyMail, PGP, or whatever else I want) and anyone who intercepts it only gets garbled junk.

Since we can't trust the phone makers, we must trust other tools. Luckily, there are other tools.

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
135
breaking news
Jailed LulzSec hacker Cleary coughs to child porn images, will be freed soon
Some images of infants as young as six months
68
NSA whistleblower to tech firms, Obama: 'Grow a pair!'
Ed Snowden: Email tracking grabs 'IPs, raw data, content, headers, attachments, everything'
66
Google flings another £1m at online child sex abuse vid CRACKDOWN
See, see, we're trying, ad giant tells Daily Mail UK.gov
41
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
SCO vs. IBM battle resumes over ownership of Unix
Zombie lawsuit back and wants to suck the brains out of Linux
119
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Not just telcos, THOUSANDS of companies share data with US spies
It's all perfectly legal, trust us
68
NSA: We COULD track you by your phone ... if we WANTED to
Honestly, too much work, can't be bothered
53