BlackBerry Clears Hurdle For Voice Crypto Acquisition

angry tapir writes BlackBerry is now free to integrate German security vendor Secusmart's voice encryption technology in its smartphones and software, after the German government approved its acquisition of the company. BlackBerry CEO John Chen still wants his company to be the first choice of CIOs that want nothing but the best security as he works to turn around the company's fortunes.

Unless end to end, it's a farce

[sideslash]

Since multiple governments mandate that Blackberry share back doors with them, it's not clear to me what benefit more encryption will really add. Won't they be sharing keys with governments (and thus potentially hackers can get the same data)?

The only secure encryption is end to end encryption where you understand and actively control/limit how the key transmission works.

Re:Unless end to end, it's a farce

If the users don't generate and completely control their keys even end-to-end is a farce.

Re:Unless end to end, it's a farce

>Since multiple governments mandate that Blackberry share back doors with them

Please tell me which ones and describe intricately how this works with the new (well, old now actually) phones. Articulate how it can affect a user not living in such a country and how it applies outside of specific business configurations. Also explain how it affects users entering that country for travel whose phone and business is setup in a country that does not have such back doors.

As you can imagine, I asked you to do those things because I know you cannot. Stop spreading FUD.

Re:Unless end to end, it's a farce

[TheCastro1689]

http://www.theverge.com/2013/7... And BB also made similar deals with many other countries.

Re:Unless end to end, it's a farce

That article doesn't answer the questions at all.

"Users" can be Indians, who are already monitored on all other platforms. Specifically, the only useful thing in that article:

"BlackBerry is emphasizing that all of this surveillance is in accordance with local law — leaving the company with little choice — and also points out that its Enterprise Server customers won't have to worry about any direct monitoring. Authorities won't have access to email records of BES users, but they will be able to request information about which businesses are using the platform, according to the Times."

Shows that BB phones are monitored less than the competition, where all users are monitored.

Still waiting to see the confirmation that won't ever happen. sideslash is just full of FUD and bullshit.

Re:Unless end to end, it's a farce

[joemerritt9090]

Yes, the article that says "Authorities won't have access to email records of BES users". BES is the enterprise email offering, that allows a company to run the delivery system locally, with its own encryption keys. The system Indian wanted access to in that article is BIS, which delivered email for the average consumer (non-enterprise) on the old (pre BB10 / Z10) phones. The new phones no longer use that system (they download email directly now) as bandwidth and battery power savings were the strengths of that old design, and those weren't winning market share.

Re:Unless end to end, it's a farce

[acoustix]

Since multiple governments mandate that Blackberry share back doors with them, it's not clear to me what benefit more encryption will really add. Won't they be sharing keys with governments (and thus potentially hackers can get the same data)?

The only secure encryption is end to end encryption where you understand and actively control/limit how the key transmission works.

This is a blatant lie. BES controls encryption from end-to-end. BB/RIM does not have the ability to see any traffic other than the encrypted traffic.

Re:Unless end to end, it's a farce

[sideslash]

This is a blatant lie.

No, in fact it's a fundamental principle of infosec. Unless you keep keys close to your chest and perform tightly controlled, end to end encryption, there are opportunities for subpoenas by TLAs or for top tier hackers to compromise your keys. Trusting a middle man is a fundamental compromise in the provability of your security.

Re:Unless end to end, it's a farce

Since multiple governments mandate that Blackberry share back doors with them, it's not clear to me what benefit more encryption will really add.

The encryption keys used by a BES server are generated by that BES server, and not by BB. As such, there is no key that BB can give to any govt which will decrypt any data sent between a BES and a connected BB phone.

Re:Unless end to end, it's a farce

[sideslash]

The encryption keys used by a BES server are generated by that BES server, and not by BB. As such, there is no key that BB can give to any govt which will decrypt any data sent between a BES and a connected BB phone.

You can substitute the BES server for BB in my remark (see, still trusting a third party), or you can recognize that BB still has control over software and software updates, and thus by definition is able to subvert the system. The most you can say is "Sure, they _can_, but I trust that they never _would_." And the infosec guys will shake their heads sadly at you.

I guess the BND's backdoor

[wiredog]

Must be fairly good, then.

Re:I guess the BND's backdoor

[mnt]

The BND is very dependend on technologies by other agencies, their capabilities are basic. And the groundwork the CCC did ("don't work for agencies") seems to work, no new blood for BND from german hackers.

Any encryption is better than none

[mi]

Since multiple governments mandate that Blackberry share back doors with them, it's not clear to me what benefit more encryption will really add.

Having fewer people able to eavesdrop on you is enough to prefer one technology over the other. For example, even if governments A and B can still listen on your conversation with a particular party, being protected from all other governments — as well as NGOs — can be quite helpful and thus desirable.

Re:Any encryption is better than none

[mi]

Yeah, only having the cook and the driver being able to spit on my pizza really makes the idea much, much more delightful.

"Delightful" may not be the right word here, but, yes, the fewer people are able to spit into your food, the less your health is endangered. At least, you have some idea of how healthy your servants are, whereas total strangers could carry a really nasty infection...

Re:No trust

You're being silly, and I suspect it's on purpose.

BlackBerry, like any other publicly traded (and most private ones..) company in the world, can't just opt out of government or legal obligations. If a judge signs an order requirining access to information, there is not much you can do. Sure, you can appeal or protest it, but at the end of the day you have to comply. If you have a problem with this, you should really take it up with your elected leaders who enable the very same laws that are the root of the problem you clearly have an issue with.

sinking ship

[bloodhawk]

sounds like they are trying to install new chandeliers in the titanic. Seriously they don't need new features they need to either get out of the smartphone business or completely reinvent it, currently they are close to irrelevant as companies abandon them on mass and consumers already left them.

End-to-end crypto or not

... the key feature I'm liking my BB device is that I can separate the gaming part from the my real data and contacts through their 'balance' container system. I can install all the freeware Android games and apps I want and know that all they will find is an empty email account, an empty contact list, and an empty documents folder. As long as Android doesn't have a built in, free equivalent, that's transparently supported throughout all apps, I'm not in for it.

Sqwak all you want, I don't care.