Feeds

Clinton barrels in to BlackBerry brouhaha

As Lebanon considers its options

3 Big data security analytics techniques

US Secretary of State Hillary Clinton reckons there is a "right to free use and access" that could be infringed by countries banning BlackBerrys.

The US government steps into the argument as concern over the difficulties of intercepting BlackBerry communications continues to spread, with Lebanon being the latest country to voice an opinion on the matter, and the Saudi Arabia ban due to come into effect today.

"We know that there is a legitimate security concern, but there's also a legitimate right of free use and access," the Secretary said, as reported by the Wall Street Journal. "So I think we will be pursuing both technical and expert discussions as we go."

Canada's government has also been expressing concern - RIM is a Canadian company and most of the servers under discussion are located in Canada.

Not that it's always clear what exactly is under discussion.

The consensus is that security forces have a very hard time breaking RIM's encryption, and that the company therefore provides access to messages in response to legitimate requests from law enforcement.

RIM doesn't exactly deny this in its statement: "Any claims that we provide, or have ever provided, something unique to the government of one country that we have not offered to the governments of all countries, are unfounded."

Compare with the comment from the UAE's US ambassador: "It is regrettable that after several years of discussions, BlackBerry is still not compliant with UAE regulatory requirements even as it complies with similar policies in other countries."

Companies running their own Enterprise severs can expect a secure connection from their mail server to RIM's servers, and a secure connection from there back to the user's handset, with little risk of interception. But that's not important, as local security services can just turn up and inspect the Enterprise server.

More difficult, for the security people, is a BlackBerry configured to collect email from the user's personal accounts. In that configuration the email server, and RIM's server, may be in a different country (or even different countries), leaving the security forces with no alternative but to call for a ban.

In the UK, for example, the Reg understands that RIM has servers in Slough*, to which the security forces can demand access if necessary (not that they would need to, but the potential exists). Large enterprises may run local servers too, which would equally be subject to local laws, but non-enterprise users in countries without nearby servers will find their email routed through Canada, and beyond the range of their own security forces.

Alternatives do exist: the on-handset email client can be replaced with something like AstraSync, which connect to a local email server using Exchange ActiveSync or similar. Or RIM's servers could be replicated in the local country - but enforcing that kind of solution takes time, and needs RIM's approval.

Governments have long complained about encryption preventing them providing security. If the US Government had gotten its way back in the early 90s we'd all be using Clipper Chips by now, and transportation of the written RSA formula would be as illegal as smuggling guns. ®

* O2 was an early supporter of RIM, and is based in Slough: we can't imagine any other reason why RIM would want to go there.

Top three mobile application threats

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.