Dubai's Police Chief Calls BlackBerry a Spy Tool

crimeandpunishment writes "Does the battle over the Blackberry ban in the United Arab Emirates have its roots in a spy story? Dubai's police chief says concern over espionage (specifically, by the US and Israel) led to the decision to limit BlackBerry services. The UAE says it will block BlackBerry email, messaging, and web services on October 11th unless it gets access to encrypted data. Comments by Lt. Gen. Dahi Khalfan Tamim are often seen as reflecting the views of Dubai's leadership, and would appear to indicate a very hard line in talks with Research in Motion."

Shoes a spy tool

[Dyinobal]

Shoes are also a well known spy tool. 99.999% of all spys use them.

Re:Shoes a spy tool

[erroneus]

It's not "weird" but it certainly calls attention to an interesting duality of standards. The people of the U.S. aren't quite as concerned when its own government does the things it does, but we tend to go ape shit when other governments do the same or even a lesser version of the same. We call it wrong and anti-freedom and all that while at the same time, we justify to ourselves that it is somehow okay for our own government to do this. I'm sure I will never see the day when people finally wake up to reality, but I hope they do.

Re:Shoes a spy tool

[pitchpipe]

Why is it so weird when other countries in turn demand the same kind of access? If US wants to promote privacy of citizens, at least start doing it yourself first.

Just because our country does it, doesn't mean that we don't oppose it. We oppose violation of privacy in all its forms, including our own government's.

Re:Shoes a spy tool

[JustOK]

sorry, my shoe is ringing.

Re:Shoes a spy tool

[icebike]

So you are saying that my private encryption key on my blackberry has been turned over to the US government?

You do know how it works do you not?
http://na.blackberry.com/eng/ataglance/security/features.jsp

Its my security key. Not Rims.

Re:Shoes a spy tool

[HungryHobo]

From the link you posted, did you even read that?
Or do you not use the system you posted?

"The BlackBerry Enterprise Solution offers two transport encryption options, Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES)*, for all data transmitted between BlackBerry® Enterprise Server and BlackBerry smartphones.

Private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smartphone user. Each secret key is stored only in the user's secure enterprise account (i.e., Microsoft® Exchange, IBM® Lotus® Domino® or Novell® GroupWise®) and on their BlackBerry smartphone and can be regenerated wirelessly by the user.

Data sent to the BlackBerry smartphone is encrypted by BlackBerry Enterprise Server using the private key retrieved from the user's mailbox. The encrypted information travels securely across the network to the smartphone where it is decrypted with the key stored there."

Storing your private key in 2 places is traditionally a bad idea. Especially when one of those places is in the hands of a company which can be compelled to hand it over without telling you.

If the goal were to simply be able to send data securely between your secure enterprise account and your blackberry then your secure enterprise account should only have your public key with which to encrypt data it sends to you and your private key should remain in your hands and your hands alone.
Idealy the secure enterprise account shouldn't be able to decrypt your data at all.

Now this could be for the sake of efficiency since public key crypto takes more cpu cycles but simply put if the US government asked for your private key, lets say they sent an NSL, RIM would be able to give it to them.
That is not a secure system.
A secure system would be one where only you have your private key and where blackberry merely validates certificates.
In which case anyone who wanted to read your communications would have to perform an explicit man in the middle attack after strong-arming blackberry into signing a cert for them.

So to make it genuinely secure you'd have to use public key crypto and let people choose their own certificate service in which case it would be as secure as the cert service and devices themselves.

So you are saying that my private encryption key on my blackberry has been turned over to the US government?

Simply put, if they asked for it then yes, there's nothing stopping that.

Re:Shoes a spy tool

[gtall]

Reminds me of a joke. Three Business School Product were sitting down at lunch and all were trying to show how technologically advanced their companies were. One guy starts tapping his fingers and then puts his thumb near his ear and his pinkie by his mouth and starts talking. Then he says goodbye and explains to his amazed buddies that his company had installed phones in their hands and their fingers do the dialing. One of the others, not to be outdone, starts touching various teeth with his tongue, looking very odd. Then he starts talking, says goodbye, and explains his company has installed phones in their teeth. The third fellow, feeling a bit behind the times, lets out a rip-roaring fart that wakes the dead. He quickly takes his leave to go the bathroom because a fax has just come in.

Re:Shoes a spy tool

[jc42]

What is the relation of shoes to this topic at all? Discussion was not about shoes and the TS was trying to make fun of the main topic.

Exactly. And public ridicule is often a very appropriate way to deal with such "Ban it all" approaches.

A local example: Here in Massachusetts, the courthouses have installed metal detectors in the doorways over the past few years. There were news reports explaining that a huge number of weapons (over 17,000 in one report) had been confiscated from people entering the courthouses in the previous year. Some local reporters got a bit curious about this and interviewed some of the managers, who were audibly reluctant to answer questions about just what kinds of weapons people had tried to bring into the courthouses. After a while, the interviewers finally got an admission of what these weapons were: "pocket knives, of the Swiss Army type".

That's right, they were classifying pocket knives as "weapons". And when pressed to admit this, they described such knives with phrasing intended to make them sound like military weapons.

It's quite common for security folks to use this sort of PR tactic to make it sound like they're detecting huge rates of attacks from people intent on doing harm. Similarly, when we've got the details of the ongoing huge numbers of computer "hacker attacks", it has sometimes turned out that they're counting incoming pings as "attacks", probes in the same class as port scans.

When we hear or read vague language like "spy tool" to describe threats, we should always suspect that they're including normal, everyday uses of tools in this catchall classification. We should try to learn more details of what they're really talking about, and how they're planning to deal with it. Ridiculing them by pointing out that shoes are also "spy tools" is quite appropriate, to highlight the misleading nature of that phrase. Similarly, pings are "hacker tools" and pocket knives are "Army type weapons". This sort of misuse of language is a standard propaganda tool that should be exposed.

nice marketing

[fadethepolice]

all the news lately makes me want to buy a blackberry.

a system that pays attention to impenetrability

[circletimessquare]

in countries that pay a premium on authoritarianism?

the only thing i wonder is why is this story happening in 2010 and not earlier?

Re:a system that pays attention to impenetrability

[lewko]

Spoken like a true Arab Minister for Propaganda.

Step 1: Blame Israelis.

Step 2: Clamp down on your own citizens.

Step 3: Repeat.

Re:a system that pays attention to impenetrability

[the_womble]

God does not want people to breach state mandated monopolies? What next - God supported Stalin?

Artists made a living for millennia before copyright law.

Many professional programmers choose to make limited use of copyright protection (open source licences) or even waive them altogether (stuff like SQLite that is public domain).

Re:a system that pays attention to impenetrability

[the_womble]

As the GP pointed out, Israeli intelligence actually murdered people in Dubai. Given that, they do have a reason to be a bit wary of the risks posed.

OF course it is a nasty feudal dictatorship, with a modern gloss to hide its underlying backwardness, but it still has genuine enimies.

Is there anything special about RIM security?

[sl149q]

What is so special about RIM security (speaking as a non-RIM user here...)?

If I have a Blackberry (or any smartphone, say Android or iPhone) don't I just point at a mail server with IMAP and pick up stuff with SSL/TLS? Are the "spies" so stupid that they wouldn't just point a a non RIM mail server?

And as mentioned above then you can start using PGP for the content as well.

Re:Is there anything special about RIM security?

[oiron]

Another non-blackberry user here, but from what I understand, what they provide is something like PGP on top of mail; your message gets encrypted using a private/public key system such that it's not vulnerable to man-in-the-middle attacks, which SSL/TLS (https/imaps) can be susceptible to.

Re:Is there anything special about RIM security?

[Lehk228]

the blackberry connects to RIM and RIM connects to your email, or if you are corporate the blackberry points to the corporate BES server, the link between the handset and RIM or between the handset and your company's BES server is heavilly encrypted, and in the case of BES servers even RIM cannot access the data, only your company's security staff and other authorized users, making it suitable for communicating confidential and trade secret information that a regular smartphone should not be handling. BES is also able to remotely control security settings and initiate a secure wipe.

Re:Is there anything special about RIM security?

[drolli]

Also speaking as a non-RIM user:

does your phone warn you if you encounter a changed ssl certificate for the domain your mail client is connecting to?

Re:Politically prompted?

[ToasterMonkey]

So if RIM were a Chinese company, or better - Iranian, or say head quartered in Dubai, would you have any problems with BlackBerries being used by the majority of our government officials & heads of industry? These people have more than enough reason to be wary of our intelligence services.
Without knowing any specifics, you should at least have a _little_ faith in their (our intel) capabilities. It's just a little silly to think the rest of the world is just a bunch of tinfoil hat types when it's no secret that we, and everybody else do pay people to collect information on, stuff. AKA spy.

Re:We're worried you're spys because

[Nursie]

You mean just like the US and UK governments do through legal or extra-legal means? Installing data taps in ISP and telephone providers operations centres? Demanding encryption keys from companies and private citizens alike?

Let's not pretend that these are tinpot developing nations - these guys are following the example set by #1!

If only he knew.

[stalkedlongtime]

It's

Let's try this again. "If only he knew..."

[stalkedlongtime]

It's practically a given that TEMPEST-like capabilities moved to satellites, decades ago. Combine that with ECHELON or something like it, and everything that everyone is displaying on their screens (Internet-connected or not) is probably being hoovered up by at least one intelligence agency. Including what's on the screens of those precious Blackberries.

One single mistake and BB/RIM will be doomed

[Ilgaz]

Everyone in civilized/democratic places, especially large businesses which are RIM's real market are watching these news.

If Blackberry is magically loved in those territories, it means they handed the keys to them and people will immediately think they are _already_ being watched for a long time.

I really think RIM should consider getting OUT of these markets instead of losing the image of secure communications. Once they lose it, it will be like a domino.

Look to Youtube, a certain country said "pull this video, pull that, setup office here, pay taxes". You know what Youtube did? Ignored! Don't they lose money/marketshare? Of course they do.

It is a closed system, that is where they lose. Nokia or Apple can say "hey, they are enabling SSL on IMAP, there is absolutely nothing we can do." RIM, as there is a central server, can't do it.

It is always and always about open standards.

Re:One single mistake and BB/RIM will be doomed

[mxs]

Look to Youtube, a certain country said "pull this video, pull that, setup office here, pay taxes". You know what Youtube did? Ignored! Don't they lose money/marketshare? Of course they do.

Sorry to burst your bubble, but that is simply not true. Try surfing YouTube in Germany, for instance. Lots and LOTS of videos are pulled or "not available in your country", they do pay out some local media conglomerates, and, guess what, Google has offices here too.

Re:Let's try this again. "If only he knew..."

[Panaflex]

TEMPEST at a few hundred feet is pretty remarkable... you think it can be done in a satellite 50 miles high? Plus there's considerations such as the van allen belt and the ionosphere acting upon wavelength propagation, never mind the noise and attenuation distortions wielded upon an 2GHz+ clock rate of a typical system bus, or voltage balanced and shielded video cables at such great distances.

Now if you're thinking about satellite sweeping for wifi or cellular then it would be almost a given and certainly has a precedent - but otherwise I'm unconvinced that something could filter though a trashheap of digital noise from that distance.

Re:Politically prompted?

[Peeteriz]

RIM has made it known that they are giving the encryption keys to BlackBerry communications to various governments - ergo, it makes some sense for Saudi Arabia to say that Saudi businessmen are not allowed to use them despite the convenience, due to risk of business espionage by foreign governments.

quality of the tool depends on the user

[ChipMonk]

In the hands of a skilled person, including a skilled spy, anything can be useful for any purpose. Even a common orange has its place in a spy's toolkit. Do you really think that's chewing gum in his mouth?

Every tool has uses that conformists never ponder. Critical thinkers are already ahead of the curve of every government. Of course, no government is willing to admit it (out loud).

Re:PGP

[TyFoN]

And with APG and k9mail on Android this is simple to use on a mobile phone. I bet the UAE (and the USA) government would have a fit if everyone sent emails with 4096 bit encryption.

Hit submit by accident

[Sycraft-fu]

What I was also going to say is: If I was a counter-intelligence chief and particularly one in a country where the government could force their will internally easier than the US, and I was concerned about a device being used to spy, I'd push to have the device banned. We'd work to get rid of them and run public education campaigns letting people know that they could be spied on using them. That is how to make it safe. I wouldn't ask for access to the data. That gets me nothing in terms of preventing others from using it.

It would be like upon finding out that someone had bugged private political offices going to the person who planted the bugs and not arresting them, but saying "It's cool, just let me listen in too." If I wanted to stop the spying, I'd remove the bugs and arrest the person who placed them.

If you do that, you aren't concerned about stopping spying, you are the one who wants to do the spying.

Re:RIM is Canadian.

[AHuxley]

A Canadian company has to bend over to to wishes of the Canadian gov that enjoys working with the NSA.
Canada did consider going it alone for crypto after ww2, the the US and the UK both had reasons to pull Canada back in.
The US did not want an intel free for all between the UK and Canada. So the US/NSA worked very hard to make sure Canada got crypto and intel as did the UK, NZ and Australia. The gift back was very close, long term work. The idea that Canadian crypto work, public or private was ever outside "US demands" over many decades would be very very strange.

Dubai's Police Chief Calls BlackBerry a Spy Tool

[IorDMUX]

Very well.

I call Dubai's police chief a Tool.

Re:i'm so sick of this equivalency

[Nursie]

"let's get this straight right off: there never existed, does not exist, and never will exist a government that does not spy on its citizens
do you understand that? it's called law enforcement."

FAIL.

Law enforcement doesn't need to spy and should not spy without reason and a court order. It is spying and watching as a matter of course,, prying into everyone's lives for no reason, that is the issue here.

And for fuck's sake lay off the "you just try that in iran and china!" line, it makes you look like a moron. Being better than some of the most repressive regimes on the planet isn't enough for me, is it enough for you?

The west already wiretaps Blackberry emails

Western intelligence services already have access to Blackberry servers - and had for years.

Beyond actual wiretap API interfaces provided by RIM there's also a net of broad packet-capture: as had been documented in detail here on Slashdot, AT&T had been running raw, spliced optical cables straight to the NSA headquarters since late 2001, carrying most of the raw IP traffic in the USA - including most unencrypted Blackberry emails as well.

Any new encrypted service that offers no access for intelligence and police you are hearing repeat stories about how they support terrorists or criminals - until they provide that access. (In most western countries companies are obliged to offer wire-tap access to authorities: Germany, UK and USA are amongst them)

The general public will rarely hear about actual usage of these broad wiretaps - as it's covered in secrecy with 'national security letters' and their legal equivalents.

While you might dismiss the UAE's concerns with "it's not a democracy", lets look at a similar case: India's problem with not being able to wiretap Blackberry phones - in the wake of the Bombay terrorist attacks that left 150+ people dead. (India's 911, so to speak.)

So how can we in the West deny India (the world's largest democracy) access to unencrypted Blackberry traffic for criminal, security and military reasons, without being hypocrites?

Conversely, how would western intelligence agencies react if Blackberry were run by an indian company and all the servers were in India, and India refused access to unencrypted emails?

Can you answer these questions fairly and consistently?

The real issue

[lewko]

Dubai's police chief says concern over espionage (specifically, by the US and Israel) led to the decision to limit BlackBerry services.

Well of course he would say that. Despotic Arab regimes have always used the US and Israel as an excuse for their own totalitarianism and oppression of minorities.

The article details the real reason, as if it wasn't obvious:
Tamim told a conference on information technology that the proposed BlackBerry curbs are also "meant to control false rumors and defamation of public figures due to the absence of surveillance,"

Translation: It promotes freedom of expression, and limits the government's ability to control its people, which frightens the shit out of Arab dictators.

Re:The real issue

[ScrewMaster]

Except smartass, this time Israeli spies really did land in Dubai, use Blackberries, assassinated someone and left.

Dubai police can't decrypt the messages sent by the spies.

DO YOU SEE THE PROBLEM? OR ARE YOU TOO MUCH OF AN AMERIC*NT TO FIGURE IT OUT?

Yes, because of course a highly-trained and experienced Israeli hit squad couldn't have just used regular unencrypted voice telephony to complete their mission. They hardly needed Blackberries, assuming they really did what they're accused of (not saying they didn't, nor do I care for that matter.) All that will happen is that the Israelis, the next time they decide to whack someone in Dubai, won't bother using Blackberries. For that matter, now that they know the things are being monitored, they can probably use that fact for some misdirection. Consequently, this has no benefit to the UAE so far as a defense from Israeli spies is concerned. Not much good so far as internal threats go, I might add, now that everyone knows what's going on. So spare us your stupid anti-American commentary. This has nothing to do with the U.S., has nothing to do with Israel, this has to do with yet another government afraid of its own people.

DO YOU GET THAT? OR ARE YOU TOO MUCH OF AN IDIOT TO FIGURE IT OUT?

Rhetorical question.

India

[guyminuslife]

Is it just me, or is it that since RIM's shown that they'd give ground to world governments (even if it's a face-saving maneuver, as some here have said), that everybody and their brother now wants access to their servers?

Nothing to do with it ...

[daveime]

Having spent a couple of years in the UAE back in the 90's, I can tell you the ban has NOTHING to do with spying, and everything to do with Etisalat (the national phone company) desire to control all aspects of IT in the country.

Years ago, at the advent of the mobile, you could get one (1) model of phone in Abu Dhabi ... the "Hud Hud 1" was the model name, I remember it fondly, with it's external antenna that almost took your eye out, and it's inability to hold a call for more than 5 minutes. You couldn't even use it indoors, I had to sit outside in the bloody desert with only camel spiders for company, to call my girlfriend who worked in Abu Dhabi city. Text hadn't even been invented, so it was calls only.

There was one (1) phone model, one (1) line provider, one (1) internet provider, one (1) e-mail service, and it was All Etisalat provided.

Now, 12 years, later, there is a few more phone models, but still only one (1) line provider, one (1) internet provider, one (1) e-mail service ... wanna take a guess who it is ?

Whichever of Sheikh Khalifa's brothers is running Etisalat doesn't want his business fucked up, and the possibility of anyone using IT without Etisalat getting their pound of flesh is unthinkable. THAT is why they are putting the screws on RIM.

Re:Politically prompted?

[Runaway1956]

Seventy years? You think you have to go that far back to find a dictatorship? Read current events, and you can find one totalitarian state in existence right now in Korea. At least 3 repressive theocracies, in existence, right now. We can list some de facto dictatorships in the last 40 years, no matter the names they used for their nations and/or governments. Pol Pot and Idi Amin come readily to mind, as does Saddam Hussein. Maybe people like yourself don't recognize a dictatorship unless and until they kill off a million or more people. Even so - Pol Pot's government should have caught your notice!

Re:Only if they were dumb about it

[DDLKermit007]

Well China is a fairly easy target to beatup. Seeing as how government officials have repeatedly been showing willingness to screw over one party, or a foreign business group for the benefit of someone they know. There, the government is just a partner of your business. If they aren't? You can bet your ass they'll be helping your competitor because you wern't in lock step with them.

Re:Politically prompted?

[HungryHobo]

http://www.planetrulers.com/current-dictators/

authoritarian regimes/dictatorships

Algeria - Abdelaziz Bouteflika, President of Algeria
Angola - Mr. Jose Eduardo dos Santos, President of Angola
Azerbaijan - Ilham Aliyev, President of Azerbaijan
Belarus - Aleksandr Lukashenko, President of Belarus
Bhutan - Jigme Khesar Namgyal Wangchuck, King of Bhutan
Brunei - Sultan Haji Hassanal Bolkiah Mu'izzaddin Waddaulah
Cambodia - His Majesty King Norodom Sihamoni, King of Cambodia
Cameroon - Paul Biya, President of Cameroon
Chad - Idriss Deby, President of Chad
China - Hu Jintao, President of China
Congo, Dem. Rep. of - Isidore Mvouba, Prime Minister of Congo
Côte d'Ivoire - Laurent Gbagbo, President of Cote d'Ivoire
Cuba - Raul Castro, President of Cuba
Egypt - Hosny Mubarak, President of Egypt
Equatorial Guinea - OBIANG NGUEMA MBASOGO, President
Eritrea - Isaias Afwerki, President of Eritrea
Guinea - Lansana Conte, President of Guinea
Iran - Mahmoud Ahmadi Nejad, President of Iran
Iraq - Jalal Talabani, President of Iraq
Kazakhstan - Nursultan Nazarbaev, President of Kazakhstan
Laos - Lieutenant General Choummaly Sayasone, President
Libya - Muammar Abu Minyar al-Gaddafi, Leader of Libya
Myanmar (Burma) - Soe Win, Prime Minister of Myanmar (Burma)
North Korea - Kim Jong-il, President of North Korea
Oman - Qaboos bin Said Al-Said, Prime Minister of Oman
Pakistan - Pervez Musharraf, President of Pakistan
Qatar - Sheikh Hamad Bin Jassim Bin Jabr Al-Thani
Russia - Dmitry Anatolyevich Medvedev, President of Russia
Rwanda - Paul Kagame, President of Rwanda
Saudi Arabia - King Fahd bin Abdul Aziz, King of Saudi Arabia
Somalia - Abdullahi Yusuf Ahmed, President of Somalia
Sudan - Omar H.A. Al-Bashier, President of Sudan
Swaziland - Mswati III, King of Swaziland
Syria - Bashar al-Assad, President of Syria
Tajikistan - Emomalii Rahmon, President of Tadjikistan
Thailand - Surayut Chulanon, Royal Prime Minister of Thailand
Togo - Faure Essozimna Gnassingbe, President of Togo
Tunisia - Zine el Abidine Ben Ali, President of Tunisia
Turkmenistan - Gurbanguly BERDIMUHAMEDOW, President of Turkmenistan
United Arab Emirates - Sheikh Khalifa bin Zayed Al Nahyan
Uzbekistan - Islam Abdughanievich Karimov, President of Uzbekistan
Vietnam - Nong Duc Manh, President of Vietnam
Zimbabwe - Robert (Gabriel) Mugabe, President of Zimbabwe