Slashdot Mirror

← Back to Stories (view on slashdot.org)

BlackBerry Clears Hurdle For Voice Crypto Acquisition

Posted by samzenpus on from the still-going dept.

angry tapir writes BlackBerry is now free to integrate German security vendor Secusmart's voice encryption technology in its smartphones and software, after the German government approved its acquisition of the company. BlackBerry CEO John Chen still wants his company to be the first choice of CIOs that want nothing but the best security as he works to turn around the company's fortunes.

27 comments

  1. Unless end to end, it's a farce by sideslash · · Score: 2, Insightful

    Since multiple governments mandate that Blackberry share back doors with them, it's not clear to me what benefit more encryption will really add. Won't they be sharing keys with governments (and thus potentially hackers can get the same data)?

    The only secure encryption is end to end encryption where you understand and actively control/limit how the key transmission works.

    1. Re:Unless end to end, it's a farce by Anonymous Coward · · Score: 2, Insightful

      If the users don't generate and completely control their keys even end-to-end is a farce.

    2. Re:Unless end to end, it's a farce by Anonymous Coward · · Score: 1

      >Since multiple governments mandate that Blackberry share back doors with them

      Please tell me which ones and describe intricately how this works with the new (well, old now actually) phones. Articulate how it can affect a user not living in such a country and how it applies outside of specific business configurations. Also explain how it affects users entering that country for travel whose phone and business is setup in a country that does not have such back doors.

      As you can imagine, I asked you to do those things because I know you cannot. Stop spreading FUD.

    3. Re:Unless end to end, it's a farce by TheCastro1689 · · Score: 1

      http://www.theverge.com/2013/7... And BB also made similar deals with many other countries.

    4. Re:Unless end to end, it's a farce by Anonymous Coward · · Score: 1

      That article doesn't answer the questions at all.

      "Users" can be Indians, who are already monitored on all other platforms. Specifically, the only useful thing in that article:

      "BlackBerry is emphasizing that all of this surveillance is in accordance with local law — leaving the company with little choice — and also points out that its Enterprise Server customers won't have to worry about any direct monitoring. Authorities won't have access to email records of BES users, but they will be able to request information about which businesses are using the platform, according to the Times."

      Shows that BB phones are monitored less than the competition, where all users are monitored.

      Still waiting to see the confirmation that won't ever happen. sideslash is just full of FUD and bullshit.

    5. Re:Unless end to end, it's a farce by joemerritt9090 · · Score: 3, Informative

      Yes, the article that says "Authorities won't have access to email records of BES users". BES is the enterprise email offering, that allows a company to run the delivery system locally, with its own encryption keys. The system Indian wanted access to in that article is BIS, which delivered email for the average consumer (non-enterprise) on the old (pre BB10 / Z10) phones. The new phones no longer use that system (they download email directly now) as bandwidth and battery power savings were the strengths of that old design, and those weren't winning market share.

    6. Re:Unless end to end, it's a farce by acoustix · · Score: 2

      Since multiple governments mandate that Blackberry share back doors with them, it's not clear to me what benefit more encryption will really add. Won't they be sharing keys with governments (and thus potentially hackers can get the same data)?

      The only secure encryption is end to end encryption where you understand and actively control/limit how the key transmission works.

      This is a blatant lie. BES controls encryption from end-to-end. BB/RIM does not have the ability to see any traffic other than the encrypted traffic.

      --
      "A plan fiendishly clever in its intricacies"- Homer Simpson
    7. Re:Unless end to end, it's a farce by sideslash · · Score: 1

      This is a blatant lie.

      No, in fact it's a fundamental principle of infosec. Unless you keep keys close to your chest and perform tightly controlled, end to end encryption, there are opportunities for subpoenas by TLAs or for top tier hackers to compromise your keys. Trusting a middle man is a fundamental compromise in the provability of your security.

    8. Re:Unless end to end, it's a farce by Anonymous Coward · · Score: 1

      Since multiple governments mandate that Blackberry share back doors with them, it's not clear to me what benefit more encryption will really add.

      The encryption keys used by a BES server are generated by that BES server, and not by BB. As such, there is no key that BB can give to any govt which will decrypt any data sent between a BES and a connected BB phone.

    9. Re:Unless end to end, it's a farce by sideslash · · Score: 1

      The encryption keys used by a BES server are generated by that BES server, and not by BB. As such, there is no key that BB can give to any govt which will decrypt any data sent between a BES and a connected BB phone.

      You can substitute the BES server for BB in my remark (see, still trusting a third party), or you can recognize that BB still has control over software and software updates, and thus by definition is able to subvert the system. The most you can say is "Sure, they _can_, but I trust that they never _would_." And the infosec guys will shake their heads sadly at you.

  2. Don't believe the security. by Anonymous Coward · · Score: 0

    They allowed it by BlackBerry agreeing to install a backdoor for the German government.

  3. Which means... by Anonymous Coward · · Score: 0

    ...that the German secret service finally figured out how to crack that one.

  4. I guess the BND's backdoor by wiredog · · Score: 1

    Must be fairly good, then.

    --

    Best Slashdot Co
    1. Re:I guess the BND's backdoor by mnt · · Score: 1

      The BND is very dependend on technologies by other agencies, their capabilities are basic. And the groundwork the CCC did ("don't work for agencies") seems to work, no new blood for BND from german hackers.

  5. Any encryption is better than none by mi · · Score: 3, Insightful

    Since multiple governments mandate that Blackberry share back doors with them, it's not clear to me what benefit more encryption will really add.

    Having fewer people able to eavesdrop on you is enough to prefer one technology over the other. For example, even if governments A and B can still listen on your conversation with a particular party, being protected from all other governments — as well as NGOs — can be quite helpful and thus desirable.

    --
    In Soviet Washington the swamp drains you.
    1. Re:Any encryption is better than none by Opportunist · · Score: 0

      Yeah, only having the cook and the driver being able to spit on my pizza really makes the idea much, much more delightful.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Any encryption is better than none by mi · · Score: 1

      Yeah, only having the cook and the driver being able to spit on my pizza really makes the idea much, much more delightful.

      "Delightful" may not be the right word here, but, yes, the fewer people are able to spit into your food, the less your health is endangered. At least, you have some idea of how healthy your servants are, whereas total strangers could carry a really nasty infection...

      --
      In Soviet Washington the swamp drains you.
    3. Re:Any encryption is better than none by Opportunist · · Score: 0

      The problem is that this delivery guy has the whooping cough and from the looks of it you're not quite sure how much he really hates you for not being one of the few that have the means to tip him handsomely.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Any encryption is better than none by Anonymous Coward · · Score: 0

      I still have some influence over what the cook and driver get paid and whether they are employed. This is not so of all the people I don't know who might be handling my pizza including the ebola terrorist brigage, the local mafia don, and script kiddies intent on posting all the details of my business on a public site just because it gives them an ego rush.

      I'm not saying I love the possibility that the cook and driver are spitting on my pizza, but those are issues that I will have to approach from other means that the strictly technical. Those are issues of employee trust, relationship between employee and employer, etc. and those (outside of our little analogy) are political and structural before they are technical.

    5. Re:Any encryption is better than none by Anonymous Coward · · Score: 0

      Sure, if you're doing a quantitative risk assessment instead of a qualitative risk assessment....

  6. No trust by EmperorOfCanada · · Score: 0

    For $50 and a case of beer blackberry would sell its soul to the government spies and put in a back door. At this point any high value data that isn't being transmitted over an opensource system might as well be put on some floppies and sent to the spooks.

    But realistically the government is one of the last big holdouts for large installed BB bases so they can negotiate with a very large carrot and a very large stick.

    1. Re:No trust by Anonymous Coward · · Score: 3, Insightful

      You're being silly, and I suspect it's on purpose.

      BlackBerry, like any other publicly traded (and most private ones..) company in the world, can't just opt out of government or legal obligations. If a judge signs an order requirining access to information, there is not much you can do. Sure, you can appeal or protest it, but at the end of the day you have to comply. If you have a problem with this, you should really take it up with your elected leaders who enable the very same laws that are the root of the problem you clearly have an issue with.

    2. Re:No trust by Anonymous Coward · · Score: 0

      But it's up to companies to design their technology so such orders are impossible to fulfil and thus pointless. This is achieved by not having privileged access to data through use of end-to-end encryption implementations.

  7. sinking ship by bloodhawk · · Score: 2

    sounds like they are trying to install new chandeliers in the titanic. Seriously they don't need new features they need to either get out of the smartphone business or completely reinvent it, currently they are close to irrelevant as companies abandon them on mass and consumers already left them.

    1. Re:sinking ship by Anonymous Coward · · Score: 0

      Wrong.

      Slashdot users once again. Clearly you do not understand technology--because if you did, you know why government agencies are relying on BlackBerry for secure communications. Security is everything in the mobile world, and governments trust it. Look at the NSA, Pentagon, and the White house--Their using BBs. 'Nuff said. Go play with your iPhone and see how far you'll get.

  8. End-to-end crypto or not by Anonymous Coward · · Score: 1

    ... the key feature I'm liking my BB device is that I can separate the gaming part from the my real data and contacts through their 'balance' container system. I can install all the freeware Android games and apps I want and know that all they will find is an empty email account, an empty contact list, and an empty documents folder. As long as Android doesn't have a built in, free equivalent, that's transparently supported throughout all apps, I'm not in for it.

    Sqwak all you want, I don't care.