The encryption of data on BlackBerry smartphones has put RIM on a collision course with some of the world's more controlling Governments.
Earlier this week, the UAE telecoms authority said BlackBerrys worked "beyond the jurisdiction" of national laws because data is stored beyond the country's borders.
"As a result of how Blackberry data is managed and stored, in their current form, certain Blackberry applications allow people to misuse the service, causing serious social, judicial and national security repercussions," the authority stated, raising concerns the UAE would ban the device.
http://www.pcpro.co.uk/news/security/359890/why-governments-are-afraid-of-blackberrys
What a load of absolute and utter poppycock. How is that any different from storing data on a web server in another country using HTTPS? If they can monitor other mobile data traffic (which could be HTTPS to another country) how is the BlackBerry any dfferent?
The technicalities are over my head, but would it be the fact that BlackBerry phones encrypt data that's the alleged issue?
Here is the problem.
If you look at a BlackBerry device it will have two data profiles, the standard one with details of an Access Point server on your mobile network that gives you web access and the other for an Access Point on Research In Moton's own network.
As far as I know they have servers in the UK and Canada so if you are in the UK you'll probably connect to the UK one but if you are elsewhere it'll be the Canadian one.
So your mail is encrypted on the device and sent over the radio network and then routed over one of your network's Internet connections.
At some point it then gets handed off to RIM's own backbone and then onto their server, if you have BlackBerry enterprise server on a corporate network it'll get forwarded to that but if you are just an individual sending to a normal mail account it will connect to the appropriate account and then send.
Now RIM say that even they cannot break the encryption used and were previously asked for the encryption keys by the Indian government but they refused.
Now I'm sure if they needed to the Canadian or UK governments could simply storm the data centres and the service would halt but because there are no RIM DCs in the UAE they cannot.
Also, like China, residents in those regions are subject to strict Internet filtering policies and irrespective of which of the two ISPs you use all traffic goes through a government controlled proxy that filters out what the government considers to be objectionable content and also stops you using VoIP or indeed any audio conferencing software.
Quote from: pctech on Aug 02, 2010, 03:10:19
So your mail is encrypted on the device and sent over the radio network and then routed over one of your network's Internet connections.
Yep, exactly the same as would happen if I used a 'normal web-phone' and logged onto my Yahoo!!!!!!!!! Mail account over HTTPS. The encryption is done on the browser (on the phone) and the only way to prevent it would be to prevent access to the server on an IP address basis. I don't see what's so different about the BlackBerry.
Quote from: pctech on Aug 02, 2010, 03:10:19
Here is the problem.
Thanks for the explanation, Mitch. :thumb: :karma:
Yes, indeed. :thumb:
Quote from: gizmo71 on Aug 02, 2010, 07:32:54
Yep, exactly the same as would happen if I used a 'normal web-phone' and logged onto my Yahoo!!!!!!!!! Mail account over HTTPS. The encryption is done on the browser (on the phone) and the only way to prevent it would be to prevent access to the server on an IP address basis. I don't see what's so different about the BlackBerry.
If one of these regimes shouted loudly enough Yahoo would roll over and allow server access whereas RIM have always told governments to take a walk.
It would seem the controls have recently been tightened somewhat.
Looks like Saudi is following suit http://www.bbc.co.uk/news/world-middle-east-10830485
Does Russia allow them?
Pass but if it does it probably won't be for long now.
I expect it'll backfire because people won't want to do business in Dubai anymore as I bet the multi-billionaire business magnates will be up in arms about this.
Watch this space, eh? :)
Yes
As part of my job I support an audio conferencing system and it just won't work in any of the Gulf states.
We tried disabling firewalls, AV and everything and then it became clear it was beyond the user's machine so I started looking into the regulatory structure long before it was discussed on any TV programmes and they ban any kind of audio conferencing or Skype to protect the income of the local state owneed telco which charges a fortune for international calls.
I bet BT is very jealous.
Quote from: pctech on Aug 02, 2010, 13:19:50
protect the income of the local state owneed telco which charges a fortune for international calls.
Not to mention pay for the vast army of spooks who sit listening for subversive phone calls to western imperialist heathens.
Yep.
I would never want to visit or live in places such as that but then again our previous administration was looking at introducing similar measures at one point I seem to remember.
And the present one may still do so. :(
My feelings on the subject are mixed as while I'm all for throwing every piece of technology at breaking up paedophile rings who do not have a place in society or on the Internet I am aware that such technology can also be abused for other purposes.
Time to get a satellite phone for when your on holiday then?
Could you not just cheat and use a proxy?
On topic though, I thought the problem was, that those in the data centres could read your emails? :dunno:
A friend use to joke about how he could read peoples Vodafone messages at work. Suffice to say his girlfriend did not get a phone with that company just in case. :D
RIM have just signed an agreement with India to give them access to the data.
http://www.theregister.co.uk/2010/08/03/rim_india_kuwait/
Interesting move. Do we know what their deal with the UK is?
They have a site in the UK so I suspect they struck a deal with the UK Government.
The old rollover game. ;)
Probably.
It was part of the planning
http://www.theregister.co.uk/2010/08/09/rim_saudi_arabia/
Looks like RIM has agreed to site servers within Saudi Arabia now.
Almost inevitable, I guess.
As I said before I suppose the reason they are allowed here is that the Police can bust into RIM's DC if they want and that's what the Saudis want to be able to do.