Slashdot Mirror
Saudi Says RIM Deal Reached; BlackBerry OK, If We Can Read the Messages
crimeandpunishment writes "There's a deal on the table to avert a ban on Blackberry's messenger service in Saudi Arabia. A Saudi regulatory official, speaking on the condition of anonymity, told the Associated Press the deal involves placing a server in Saudi Arabia ... and letting the government monitor users' messages, easing Saudi concerns over security and criminal usage. The deal could have wide-ranging implications, given how many other countries have expressed similar concerns, or in the case of the United Arab Emirates, have threatened to block Blackberry email and messaging services." Perhaps the governments of UAE and India would be satisfied, too, if only they had access to the messages transmitted.
Guess they don't have any backbone to just drop the country and let the end-users take action.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
I'm glad I have it.
(At least for now... my fellow US citizens seem to be completely blind to the forces at work to destroy our privacy.)
"Be prepared, son. That's my motto. Be prepared." --Joe Hallenbeck
really, that's all that needs to be said.
fwiw, I have lost all respect for RIM and will not buy their products for my own personal use. they were on the high moral ground for a while but now that they've caved in, they are no different than the other 'carriers'.
their security is now rendered 'untrustable'. what a shame.
another one bites the dust.
--
"It is now safe to switch off your computer."
I see how this solution would work for customers of Saudi mobile operators, whose phones would be pre-configured to use the 'local' BB server. What about travellers from other countries - would they have to go into their phone and manually re-configure it to contact the Saudi BB Server? Would that basically be the same steps as if you were setting up to use a corporate-owned BB Server? What if you already use a corporate BB Server? Will your messages be blocked? If the email account you are trying to check is your company email account, and the only way to access it is through the company-owned Enterprise BB Server, are you S.O.L.?
You give up certain rights when you travel to a foreign country.
“Common sense is not so common.” — Voltaire
but is corporate willing to give them up? maybe not and they will need to find away around it or say no e-mail for workers that are in that country.
Why should RIM care if they make sales? Businesses only worry about ethics when they might cause a reduction in profits. NGOs and individuals I expect to have ethics, but not corporations. Where does "backbone" come into running a business?
Canada and USA and a lot of other countries trade with Saudia Arabia, I haven't seen them declaring trade embargoes over Saudia Arabia's human rights issues either.
Personally I'd prefer it if companies (and countries) behaved ethically but from I've read over the last couple of decades this doesn't seem to be something they voluntarily indulge in.
reached a virtual standstill when the maintainers told Saudi Arabia to "stick it".
RIM is probably one of the few companies who can make that claim, that they don't even have access to messages.
But on the other hand, in Saudi Arabia, "driving while female" is "criminal', so their claims are suspect at best.
Saudi Arabia controls the telecom infrastructure, and can tap it easily.
Oh, you mean the unencrypted messages - that's something else.
Perhaps the governments of UAE and India would be satisfied, too, if only they had access to the messages transmitted.
But of course. Like this guy has mentioned here. It's all about getting a server established in India.
Are you sure your country doesn't have such a deal? I can imagine how the talks went:
"We are going to ban your hardware, because we can't listen in."
"Why did you not say that earlier. Here is a server so you can listen in on everything. Oh and here are the keys for the backdoors, so you don't need to call us again."
It is becoming scary how we all start to accept how easy and normal it is to gather information and listen in on people. Some people would call it privacy, I call it personal freedom and I will try to defend it as much as I can.
Don't fight for your country, if your country does not fight for you.
Architecturally, it looks like this deal will affect only BIS users, the ones that just walk up to the Phones-r-us kiosk and buy a blackberry and service plan. It won't have any effect on corporate customers running BES servers, since those have their own keys, and devices talking to them won't be dealing with the BIS servers being set up in Saudi Arabia.
Thus, the customers most likely to complain, and make their complaints felt in the pocketbook, are unaffected, while the little people are ever more transparent.
All of this hubbub comes around the time of the big Wikileaks document release.
What does it say about us that not only do our governments want to keep secrets "safe" from us, but that for us to be able to keep secrets is dangerous.
The only difference is that they presume themselves innocent, and presume us guilty.
There are some universal rights. Among them should be that no government should have the right to go on fishing expeditions through private communications. That isn't universally recognized, but hopefully we can get there.
Of course, the nations of the Middle East (Saudi Arabia, Egypt, Israel, Jordan, etc.) all commit far more serious human rights violations than merely digging through people's Blackberry messages, but still...
I wholeheartedly agree with you that companies should behave ethically but it appears from experience that they rarely do this voluntarily.
Hence my noting that there is no governmental embargo in place over Saudia Arabia's privacy / tapping position or other human rights records. Governments could provide the lead, but the message they are sending out is "no problem, do as you will". RIM could argue that they are behaving within the law, and their government is not either providing direct advice, legal restrictions or leading by an example which suggests they should behave other than are doing.
Maybe I should do research, but if I have a blackberry with enterprise activation syncing with my work email, is that using a RIM owned server or a server with my company? If it is a private owned server, how can RIM give anybody access to the messages?
Also, if I use activesync on my iphone does apple have access to my messages?
I don't know about Saudi and UAE, but India is primarily concerned about this because of terrorism. Many of the recent bomb blasts were triggered by cell phones, all of which were registered under fake identities. Hence the concern. Look at how many attacks have happened in India: http://en.wikipedia.org/wiki/Chronology_of_major_terrorist_incidents_in_India
"Do not confuse the unusual with the impossible" - Psmith
Tell the Saudis the servers are chock full of pictures of Mohammed. That should keep them out.
just give me a way to move my bits where I want, and I'll take care of my own encryption, thank you very much. trusting any vendor to provide secure encryption is truly naive.
Since RIM has built its reputation on secure communications, the ethical choice may also be the profitable choice. It is possible that by standing by their principles, RIM could acquire new customers that may offset any loss in customers that a ban in Saudi Arabia might cause.
Also, the Blackberry is a mature product that is quite pervasive in the business community and corporations are generally slow to migrate away from such integrated technologies. I think that it is more likely that companies will stop doing business IN Saudi Arabia. This does not mean that they stop doing business WITH Saudi Arabia, but I can see Saudi Arabia's hotel and tourist industry taking more of hit than RIM. I think that it will be easier for most to stay away from Saudi Arabia than to give up their Blackberry's.
As a Canadian, I sincerely hope that RIM stands up to these Bullies. After all, this is just another example where, for the sake of "national security", the rights of the average person are trampled on. Meanwhile, those who are intent on doing harm have an entire arsenal of free and open source tools that are just as secure as the Blackberry (if not more so). This kind of invasion of privacy does nothing to stop, or even curtail, those who have evil intentions (and have half a brain).
On a final note, I can't believe that the headline has been "RIM banned in Saudi Arabia" . The headline should have been "Saudi Arabia monitoring all communications".
People deserve the freedom they get. Have you read the comments on BBC's article.
http://www.bbc.co.uk/news/technology-10899338
Let me quite a few:
Abu Mohd, Riyadh, Saudi Arabia
I am an expat living in Saudi Arabia. For me the Blackberry is key to staying in contact with my family and friends in a way that I cannot do with other messaging services. I hope Saudi Arabia and RIM solve this situation. There are many people that work here who are away from their families that use this service. This ban would be one more reason to not come here, it does not help to the development of this country.
Suresh Haridas, Al khobar, Saudi Arabia
BlackBerry made our life much easier, whether we are using e-mail, internet, or BBM. A lot of people/students such as myself who live thousands of miles away from their family and friends really depend on BBM as a convenient medium to communicate. There is nothing compared to BBM in terms of quickness, convenience, and cost. On the other hand, I understand why governments such as Saudi Arabia, UAE, and others feel threatened. However, I am wondering why BlackBerry does not help these countries in terms of monitoring data and using their own servers to get to encrypted information.
Rakan H, Riyadh, Saudi Arabia
I am one of the youths who owns a BlackBerry and I completely agree that it is a major step in my country to protect it against any terrorist or anything that might affect our security. Also I believe all countries like the US should consider the same thing, because it is a tool that can be used among those people who can get access to national security and cause terror to communities. It is a perfect tool for them, cutting it off worldwide will definitely reduce the amount of global issues occurring. If it is necessary to protect the country then why not!
Jim, Singapore
I am a Canadian, living in Dubai and dreading losing my Blackberry. Most people I know are aware of the high level of security in the UAE and appreciate the benefits it provides. I would much rather lose some personal freedoms than take a chance with security. RIM has to understand that Dubai is a transit point for trade and potentially terrorism. Its population is continuously changing as over 80% of its residents are foreigners. UAE's high level of security is in the interests of the West. I am hopeful for a positive resolution but am not brave enough to buy up all the handsets that are selling cheap.
Ara, Dubai, UAE
Whilst it's perfectly true that any invasion of personal privacy in the name of national security is usually resented, I don't really understand the sense of outrage on this one. After all, don't the western intelligence agencies have extensive gathering facilities for the same sort of thing? I don't see the Gulf states doing anything more than our own governments, like it or not.
One would assume that this is all pointless, since anybody could just use a web service via https.
However one would also assume that these governments control at least one trusted signing authority, so they can freely intercept any https.
A very large part of the sales appeal of a phone with an aging UI and an "uncool" form factor and a proprietary OS and limited app capability (why yes, I do have one) is precisely because it's "secure". That's why President Obama carries one.
Government and big business sales of the RIM phones are largely driven by "secure", more modern phones with more features and better UIs are available at the same price or cheaper.
Having "just" Saudi Arabia able to read Blackberry messages is like being "just" a little bit pregnant. RIM's product differentiation just disappeared... and by the time two more nations have built in wiretap capabilities thanks to RIM, their major customers will be switching to something else. IOW, they'll have destroyed their basic market for sales of a few thousand SKUs.
This is great news for Apple and Google and everyone making Android phones. If anyone wants to compete in the "secure" government and enterprise market, it's a matter of simply bundling crypto apps into the UI and making the setup easy and automatic.
As for RIM. I hope a smarter vendor picks up the touchpad when RIM goes down... IMO, it's superior to touch screen for small form-factor platforms. With a touchpad, you don't have to try to guess what's under your finger when you push the button.
Tech Public Policy stuff
FWIW, Saudi Arabia, UAE and India were all asking RIM for the same level of access to the underlying network that RIM already gave to USA and UK (and probably others).
Will the Committee for the Promotion of Virtue and the Prevention of Vice have access?
This makes a Blackberry useless for business purposes. In most of the countries involved, the Government itself owns major businesses. Nobody in the oil business would want to discuss anything related to a Government deal (which is most of them) over a Blackberry now.
I guess Dubai doesn't trust Halliburton anymore, then? Poor Dick Cheney, I hope he gets over it.
who got the RIM job?
Assuming you have a BES server in your organization...
Blackberries, AFAIK, send their data encrypted via the cell provider (RIM has servers on site?), then to RIM's central hub, and then to your BES server at your office, with high-grade end-to-end encryption.
"We're more secure" I think is their selling point.
How is that more secure, than say, an iPhone/Android communicating to an Exchange server directly over the internet but using quality SSL (ie, 2048 bit key, 128 bit AES, etc)?
Is direct, over the Internet communication with SSL encryption somehow not an issue for the Saudis or the other Arab nations? Is it somehow less secure against eavesdropping?
I can imagine there are some tertiary security issues (ie, with BES you wouldn't expose Exchange's SSL port to the internet), but I'm thinking the basic encryption between the handheld and the server.
I believe they can get a wiretap warrant and monitor what is going on with a given number. That is not surprising (or secret). However I don't believe they have any secret back door in to the handsets, or private BES units. They seem to use strong, FIPS validated, encryption which to the best of anyone's knowledge is not breakable. In fact the security of the handsets is one of the things the government loves to much about BB and why they are the biggest customer (the US government loves them some BlackBerrys).
It is one thing to say "Of course RIM cooperates with all lawful investigations." I'd expect nothing else, they don't really have a choice. However it is a different one to say "RIM has built in special back doors for a government can freely monitor what is going on."
Same kind of thing with your PC. The US government (I'm presuming you like in the US here) can monitor your Internet traffic with a warrant. They can have your ISP mirror everything you do so they can see it. Also, they can seize your PC with a warrant and sift through the data on it. However they can't have your PC spy on you automatically. Your PC does not have some built in back door that lets them get in to it remotely when they like. It does not give them any special monitoring access.
To put an analogy to a house, the government can get a warrant to survey your house (actually for most kinds they don't need a warrant), and they can get a warrant to search the house itself, and can require you to let them in when presented with this warrant. However they do not have a master key that lets them in to your house when they feel like, and do not have the right to just waltz in when they want with no reason.
The economy cannot sustain $10 per gallon fuel, thus would find other means of energy or oil extraction. That, or our taxes would be so much lower that it the $10 per gallon wouldn't bother us.
Anyone planning anything the Saudi's didn't like are not going to get caught using unencrypted or spyware infested RIM products or any other similar products. It's all cat and mouse where regular people are confused with criminals and terrorists.
Can that server be used in a replay attack against messages from U.S. blackberries?
is with winston churchill:
"No folly is more costly than the folly of intolerant idealism"
you have absolute truth apparently on your side, be damned everything else
what are you, some sort humanist taliban?
dude: you are as bad, if not worse, than whatever you hate in this world, because you think exactly the same way they do
you hate repression and torture? well, the guys doing the repression and torture are empowered with the same haughty arrogance about their beliefs as you have
get over your fucking self
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
If anybody didn't understand why the secret service took away Obama's crackberry, it should be pretty clear now.
fill != feel
They're not even proper homophones. Either you speak with a strong accent, or you're phonetically sloppy.
Your logic is ignored when your language is faulty. It's unfortunate, but true.
OK, RIM by means of its actions is 'not secure'.
Lets not forget once the 'read' the message, somebody is helping them find out the 'owners' details.
More co-operation. The Stasi would be proud of RIM.
Whatever patents are worthless, and someone else can jump into the hole.
I hope an 'app' comes along to send pseudo random scrambled messages with a frequency distribution with a fake 's' box signature that convinces someone it is a valid message, and wastes a whole lot of time to decrypt rubbish.
There are some universal rights.
But if they don't exist in many countries are they really that universal? What can you do about it beside bitch on the internet?
“Common sense is not so common.” — Voltaire
As a developer familiar with the Blackberry API and devices, I don't believe this "anonymous source" at all. Messages are encrypted on the device before they enter the network channel. It would be impossible for RIM to provide the Saudis or any other entity the ability to read these messages (outside of some hidden heretofore unknown backdoor which RIM has denied since its creation exists). It doesn't matter where in the world the server is (co)located.
Now, it is possible to turn off the cryptographic capabilities of the device via an IT policy. About every facet of the Blackberry device can be controlled upstream by carrier/owner installed policies, which is why it is so attractive in the enterprise. But this would be a "deal" between the Saudis and the telecos providing the devices and service. RIM doesn't control the carriers in the least, in fact, some of the stupid business descions made by RIM the last couple of years can be attributed to certain carriers, imho.
This whole story is rubbish from a technical standpoint.