Editorial: Too Much Security?
by Volker Weber
[Rough translation from the original at heise.de]
So the UAE want to block BlackBerry. What a great endorsement for RIM.
IT security is difficult. One faction says: "this is all being transmitted through foreign data centers, we will lose all our secrets to the competition". The other party says: "no, this is encrypted end-to-end, nobody can get at the data". And they can never agree.
Now the UAE want to block BlackBerry starting in October. In Dubai, that wants to be a world trade center. And the Saudis follow suit. India has demanded access to BlackBerry data for years.
These countries have a good reason. They need to know what their subjects are talking to each other. SIGINT, SIGnal INTelligence. It seems they can achieve that with all other smartphones, but not with BlackBerry. Just last year, a UAE telco tried to offer a "system update" to its users, trying to install a spyware. RIM was furious.
The mighty BlackBerry isn't invincible. But if you don't install obscure software, it's obviously too secure for certain countries. On top of those threats to cut off BlackBerry traffic, there have been diplomatic rows. "Dear Canadians, you have a nice smartphone business going on there. It would be a shame if something happens."
As long as those threats don't go away, I wouldn't be too concerned with BlackBerry security.
Comments
Saudi Arabia has done the same.
Maybe RIM followed the Security guidelines. I recommend reading Bruce Schneier. Up and down. From page 1 to the end.
The Bruce comments on this issue:
This is a weird story for several reasons:
[..]
There's no reason to announce the ban over a month before it goes into effect, other than to prod RIM to respond in some way.
[..]
India, China, and Russia threatened to kick BlackBerrys out for this reason, but relented when RIM agreed to "address concerns," which is code for "allowed them to eavesdrop."
[..]
RIM is providing a communications service. While the data is encrypted between RIM's servers and the BlackBerrys, it has to be encrypted by RIM -- so RIM has access to the plaintext. In any case, RIM has already demonstrated that it has the technical ability to address the UAE's concerns. Like the apocryphal story about Churchill and Lady Astor, all that's left is to agree on a price.
Oh, and some of the comments on Bruce Schneier's blog entry make an interesting reading, as well.
I am afraid it shows that Bruce is an excellent writer but he does not understand the BB architecture.
He doesn't mind being corrected, so don't hesitate to write him at schneier ät schneier döt com.
