Dubai's Police Chief Calls BlackBerry a Spy Tool
crimeandpunishment writes "Does the battle over the Blackberry ban in the United Arab Emirates have its roots in a spy story? Dubai's police chief says concern over espionage (specifically, by the US and Israel) led to the decision to limit BlackBerry services. The UAE says it will block BlackBerry email, messaging, and web services on October 11th unless it gets access to encrypted data. Comments by Lt. Gen. Dahi Khalfan Tamim are often seen as reflecting the views of Dubai's leadership, and would appear to indicate a very hard line in talks with Research in Motion."
Everyone in civilized/democratic places, especially large businesses, which are RIM's real market, is watching this news.
If BlackBerry is magically loved in those territories, it means they handed over the keys, and people will immediately think they have _already_ been watched for a long time.
I really think RIM should consider getting OUT of these markets instead of losing the image of secure communications. Once they lose it, it will be like dominoes.
Look at YouTube: a certain country said "pull this video, pull that, set up an office here, pay taxes." You know what YouTube did? Ignored it! Don't they lose money/market share? Of course they do.
It is a closed system; that is where they lose. Nokia or Apple can say "hey, they are enabling SSL on IMAP, there is absolutely nothing we can do." RIM, since there is a central server, can't say that.
It is always, always about open standards.
Having spent a couple of years in the UAE back in the '90s, I can tell you the ban has NOTHING to do with spying, and everything to do with Etisalat's (the national phone company's) desire to control all aspects of IT in the country.
Years ago, at the advent of the mobile, you could get one (1) model of phone in Abu Dhabi ... the "Hud Hud 1" was the model name. I remember it fondly, with its external antenna that almost took your eye out, and its inability to hold a call for more than 5 minutes. You couldn't even use it indoors; I had to sit outside in the bloody desert, with only camel spiders for company, to call my girlfriend who worked in Abu Dhabi city. Text hadn't even been invented, so it was calls only.
There was one (1) phone model, one (1) line provider, one (1) internet provider, one (1) e-mail service, and it was all Etisalat-provided.
Now, 12 years later, there are a few more phone models, but still only one (1) line provider, one (1) internet provider, one (1) e-mail service ... wanna take a guess who it is?
Whichever of Sheikh Khalifa's brothers is running Etisalat doesn't want his business fucked up, and the possibility of anyone using IT without Etisalat getting their pound of flesh is unthinkable. THAT is why they are putting the screws on RIM.
From the link you posted, did you even read that?
Or do you not use the system you posted?
"The BlackBerry Enterprise Solution offers two transport encryption options, Advanced Encryption Standard (AES) and Triple Data Encryption Standard (Triple DES)*, for all data transmitted between BlackBerry® Enterprise Server and BlackBerry smartphones.
Private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smartphone user. Each secret key is stored only in the user's secure enterprise account (i.e., Microsoft® Exchange, IBM® Lotus® Domino® or Novell® GroupWise®) and on their BlackBerry smartphone and can be regenerated wirelessly by the user.
Data sent to the BlackBerry smartphone is encrypted by BlackBerry Enterprise Server using the private key retrieved from the user's mailbox. The encrypted information travels securely across the network to the smartphone where it is decrypted with the key stored there."
Storing your private key in 2 places is traditionally a bad idea. Especially when one of those places is in the hands of a company which can be compelled to hand it over without telling you.
If the goal were simply to be able to send data securely between your secure enterprise account and your BlackBerry, then your secure enterprise account should only have your public key, with which to encrypt data it sends to you, and your private key should remain in your hands and your hands alone.
Ideally the secure enterprise account shouldn't be able to decrypt your data at all.
Now, this could be for the sake of efficiency, since public key crypto takes more CPU cycles, but simply put, if the US government asked for your private key, let's say they sent an NSL, RIM would be able to give it to them.
That is not a secure system.
A secure system would be one where only you have your private key and where BlackBerry merely validates certificates.
In which case anyone who wanted to read your communications would have to perform an explicit man-in-the-middle attack after strong-arming BlackBerry into signing a cert for them.
So to make it genuinely secure you'd have to use public key crypto and let people choose their own certificate service, in which case it would be as secure as the cert service and the devices themselves.
So you are saying that my private encryption key on my BlackBerry has been turned over to the US government?
Simply put, if they asked for it, then yes; there's nothing stopping that.
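The two key-custody designs argued over above (the quoted "secret key stored in the user's enterprise account and on the smartphone" versus the commenter's "server holds only your public key") as an added worked example. This is not code from the original thread and not RIM's implementation; it is a stand-alone Go program using only the standard library. Assumptions: AES-256-GCM stands in for the quoted AES/Triple DES transport cipher, RSA-OAEP stands in for the commenter's "public key crypto", and the names ServerRecords, SealA, OpenA, CompelledDecrypt and Demo are hypothetical. CompelledDecrypt plays the party who has been handed everything the server stores for a user, which is exactly the case the NSL remark describes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ServerRecords models what a server operator can be compelled to hand over (hypothetical type, not RIM's).
type ServerRecords map[string]interface{}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealA encrypts as the design-A server does: random nonce || AES-GCM output.
func SealA(key, pt []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, nil), nil
}

// OpenA is what the device does with its copy of the design-A key; anyone
// holding the server's copy of the same bytes can do exactly the same.
func OpenA(key, ct []byte) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if n := g.NonceSize(); len(ct) >= n {
		return g.Open(nil, ct[:n], ct[n:], nil)
	}
	return nil, errors.New("ciphertext too short")
}

// CompelledDecrypt is a third party's best effort with a handed-over record.
func CompelledDecrypt(record interface{}, ct []byte) ([]byte, error) {
	switch k := record.(type) {
	case []byte: // design A: the decrypting key itself is on file
		return OpenA(k, ct)
	case *rsa.PublicKey: // design B: encrypt-only material
		return nil, errors.New("record holds only a public key")
	}
	return nil, errors.New("unrecognised record")
}

// Demo sends one constructed message under each design and reports whether a party holding only the server record could read it.
func Demo() (symReadable, pubReadable bool, err error) {
	msg := "constructed sample: board minutes attached"
	rec := ServerRecords{}

	// Design A (the quoted BES description): one AES-256 key per user, the
	// same bytes held in the server record and on the device.
	devKey := make([]byte, 32)
	if _, err = rand.Read(devKey); err != nil {
		return
	}
	rec["alice"] = devKey
	ctA, err := SealA(rec["alice"].([]byte), []byte(msg)) // server encrypts with its copy
	if err != nil {
		return
	}
	leaked, e := CompelledDecrypt(rec["alice"], ctA)
	symReadable = e == nil && string(leaked) == msg

	// Design B (the commenter's proposal): the key pair is generated on the device
	// and only the public half is enrolled, so the server can encrypt but never decrypt.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return
	}
	rec["bob"] = &priv.PublicKey
	ctB, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rec["bob"].(*rsa.PublicKey), []byte(msg), nil)
	if err != nil {
		return
	}
	if pt, e := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ctB, nil); e != nil || string(pt) != msg {
		return false, false, errors.New("design B: device could not decrypt")
	}
	leaked, e = CompelledDecrypt(rec["bob"], ctB)
	pubReadable = e == nil && string(leaked) == msg
	return
}

func main() { fmt.Println(Demo()) }
```

Running it prints `true false <nil>`: under design A the server record alone recovers the message, under design B the server can still deliver to the device but its record contains nothing that decrypts. The caveat the thread glosses over is that design B only moves the problem to who vouches for "bob"'s public key; a server that can substitute its own public key at enrollment is the man-in-the-middle the later comment describes.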
What do shoes have to do with this topic at all? The discussion was not about shoes, and the TS was trying to make fun of the main topic.
Exactly. And public ridicule is often a very appropriate way to deal with such "Ban it all" approaches.
A local example: Here in Massachusetts, the courthouses have installed metal detectors in the doorways over the past few years. There were news reports explaining that a huge number of weapons (over 17,000 in one report) had been confiscated from people entering the courthouses in the previous year. Some local reporters got a bit curious about this and interviewed some of the managers, who were audibly reluctant to answer questions about just what kinds of weapons people had tried to bring into the courthouses. After a while, the interviewers finally got an admission of what these weapons were: "pocket knives, of the Swiss Army type".
That's right, they were classifying pocket knives as "weapons". And when pressed to admit this, they described such knives with phrasing intended to make them sound like military weapons.
It's quite common for security folks to use this sort of PR tactic to make it sound like they're detecting huge rates of attacks from people intent on doing harm. Similarly, when we've got the details of the ongoing huge numbers of computer "hacker attacks", it has sometimes turned out that they're counting incoming pings as "attacks", probes in the same class as port scans.
When we hear or read vague language like "spy tool" to describe threats, we should always suspect that they're including normal, everyday uses of tools in this catchall classification. We should try to learn more details of what they're really talking about, and how they're planning to deal with it. Ridiculing them by pointing out that shoes are also "spy tools" is quite appropriate, to highlight the misleading nature of that phrase. Similarly, pings are "hacker tools" and pocket knives are "Army type weapons". This sort of misuse of language is a standard propaganda tool that should be exposed.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.