Feeds

Clinton barrels in to BlackBerry brouhaha

As Lebanon considers its options

High performance access to file storage

US Secretary of State Hillary Clinton reckons there is a "right to free use and access" that could be infringed by countries banning BlackBerrys.

The US government steps into the argument as concern over the difficulties of intercepting BlackBerry communications continues to spread, with Lebanon being the latest country to voice an opinion on the matter, and the Saudi Arabia ban due to come into effect today.

"We know that there is a legitimate security concern, but there's also a legitimate right of free use and access," the Secretary said, as reported by the Wall Street Journal. "So I think we will be pursuing both technical and expert discussions as we go."

Canada's government has also been expressing concern - RIM is a Canadian company and most of the servers under discussion are located in Canada.

Not that it's always clear what exactly is under discussion.

The consensus is that security forces have a very hard time breaking RIM's encryption, and that the company therefore provides access to messages in response to legitimate requests from law enforcement.

RIM doesn't exactly deny this in its statement: "Any claims that we provide, or have ever provided, something unique to the government of one country that we have not offered to the governments of all countries, are unfounded."

Compare with the comment from the UAE's US ambassador: "It is regrettable that after several years of discussions, BlackBerry is still not compliant with UAE regulatory requirements even as it complies with similar policies in other countries."

Companies running their own Enterprise severs can expect a secure connection from their mail server to RIM's servers, and a secure connection from there back to the user's handset, with little risk of interception. But that's not important, as local security services can just turn up and inspect the Enterprise server.

More difficult, for the security people, is a BlackBerry configured to collect email from the user's personal accounts. In that configuration the email server, and RIM's server, may be in a different country (or even different countries), leaving the security forces with no alternative but to call for a ban.

In the UK, for example, the Reg understands that RIM has servers in Slough*, to which the security forces can demand access if necessary (not that they would need to, but the potential exists). Large enterprises may run local servers too, which would equally be subject to local laws, but non-enterprise users in countries without nearby servers will find their email routed through Canada, and beyond the range of their own security forces.

Alternatives do exist: the on-handset email client can be replaced with something like AstraSync, which connect to a local email server using Exchange ActiveSync or similar. Or RIM's servers could be replicated in the local country - but enforcing that kind of solution takes time, and needs RIM's approval.

Governments have long complained about encryption preventing them providing security. If the US Government had gotten its way back in the early 90s we'd all be using Clipper Chips by now, and transportation of the written RSA formula would be as illegal as smuggling guns. ®

* O2 was an early supporter of RIM, and is based in Slough: we can't imagine any other reason why RIM would want to go there.

SANS - Survey on application security programs

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.