Blackberry Offers 'Lawful Device Interception Capabilities' (itnews.com.au)
An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" for government surveillance. BlackBerry COO Marty Beard said as much at a recent IT summit. He declined to explain how the interception works, but he denied the phones would contain "backdoors" and said governments would have no direct access to BlackBerry servers. The company may see this as a way to differentiate themselves from the competition.
After all, who wouldn't want the government to be able to spy on you? As long as it's lawful, that is.
Yep. As long as the government has gone through the proper procedures and has a lawfully obtained warrant, then I most certainly want to make sure they can access my private communications. Smart move by Blackberry to differentiate their product that way! I'll get rid of my iPhone next chance I get and proudly buy a Blackberry.
For the sarcasm impaired, please disregard my comment.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
It's really hard to put nails into your own coffin from the outside, but damn are they trying.
The new BB with slide-out keyboard running Android looked quite interesting to me and was potentially going to be my next phone.
Looks like that's not going to happen now.
"Comrad Snowden, what can you tell us about new Blackberry device you received in mail?"
Pink sheets anyone?
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
So they differentiate themselves from the competition by fucking their userbase?
How about improving over the competition, yeah that requires work and vision. Too costly for a has-been company.
Smart move by Blackberry to differentiate their product that way!
Blackberries are still being made? Rather, are they still being sold??
I thought that they had a historical hold on corporate world -- and I thought that even that was pretty much gone (Liberty Mutual has made a switch, at least in some departments, a couple of years ago).
Blackberry Offers 'Unlawful Device Interception Capabilities', since the capability is entirely orthogonal to the legality. Sounds like a great selling point to... who, exactly? Those who don't see it as problematic (insert Benjamin Franklin quote here) won't care and those who do care for sure won't buy a Blackberry. Then again, Blackberry was probably running out of ways to scare away customers and needed to add a few more. They're down to 0.3%, almost there...
Live today, because you never know what tomorrow brings
Yeah all of over on legal are on with this (not). A last ditch effort for a failing company willing and ready to sacrifice all ethics.
I think the actual chances that Apple *or* Google might be able to deliver on their statements are below 50% for U.S./U.K./Chinese/Israel...equivalent intelligence apparati.
What Blackberry is saying is that they will also cave to official requests from countries *not* employing the requisite armies of mathematicians and black hats, so that my communications become fair game for Random Oppressive Country X because I spent 12 hours in the transit lounge there and they wanna make sure I hadn't broken any laws while there.
.... still use one. This makes me want to go get an iPhone.
Interesting comment, made me think...
So, thinking of this as a phone specifically enabled with spying capabilities as a feature you're right, the logical customer for such a phone is an oppressive government.
I can think of several totalitarian governments that would love a phone with baked-in spyware!
Thank you Dave Raggett
I thought the big selling point of Blackberry was security. This is anything but.
Oh well, it's not like they haven't caved to national governments before.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Thought for a minute there the headline read "Blackberry OFFERS lawful device interception capabilities."
"Lawful device interception capabilities" sounds like they'll only let all the security agencies and sub-contractors in a little bit, you know, just the tip. Nice of Blackberry for being such a good sport with all those guys ;)
Now all them evil-law-breakers know which phone not to buy. Yer totally gunna put a dent in them now.
Ya no ty. I pay my taxes, if I buy a product it is supposed to be mine.
Thanks, we appreciate your cooperation. What's a Blackberry?
I take Mr Beard's comments at face value, that his company can offer lawful intercept without back doors. Unfortunately this has nothing whatsoever in common with the statements made by Apple and others.
You see Blackberry has a unique position in the market, it being not just the manufacturer but also the network operator. Thus for most normal Blackberry users (non-corporate), their secure end to end communications begin and end at Blackberry's servers. Also their device encryption software has at least one known weakness to offline brute force cracking so perhaps there are more.
All this means that what Blackberry is really saying is that, since they control the communication keys and made a less than perfect encryption product they can offer lawful interception where other vendors had to rely on real hardware device encryption and end-to-end communications.
BTW, Apple does not get off scot free here as its iMessage product can offer lawful intercept, just not decryption after the fact because they too control which keys are used to encrypt which iMessage.
I was on the fence on buying a Blackberry Passport when me and my GF merge plans. But completely not an option now. I'll stick to my dumb tracphone.
I mean, who wouldn't want to have a system that makes it easier for anyone to spy on you. Count me in! Perhaps I will even buy a few to help my beloved police state.
.... still use one. This makes me want to go get an iPhone.
Why, isn't this the same policy they always had? They have a copy of the encryption keys and release them when a lawful warrant is received?
I am very much in favour of the government being allowed to access private communications in individual cases with due cause and a legally obtained warrant issued by a judge. However, "being allowed" should in no way shape or form imply that zero knowledge encryption should be forbidden. Security issues aside, various governments, including my own, have time and time again shown that they absolutely cannot be trusted with such power, or trusted to play by their own rules.
Maybe BB thinks to cater to the "I have nothing to hide" crowd. I wonder how long those people would keep to that line if the government would send them a notice every time an operative listened in on their private phone calls. A bit like those notices the TSA sometimes leave in my luggage when I travel to the USA.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
My worry isn't lawful interception. However, backdoors and such mean that -someone- out there has a master key. And who knows how it is stored? If it falls into the wrong hands, it can utterly destroy a product, or even destroy companies if the backdoor winds up being used for advantages (knowing what competitors are bringing to the table, finding weak points to attack the company, or good old fashioned extortion/blackmail.)
Let's say the backdoor is a large RSA key. There will be organizations, including nations, with billions of dollars at their disposal, who will do anything to fetch that key. This can be live agents, network attacks, or just old fashioned kidnap and the $5 wrench. Since this basket has a lot of eggs in it, virtually everyone wants a piece of that master key.
Now, let's say the backdoor owner decides to be clever and split the key among sites. Well, how are legit requests done? LEOs will demand -many- requests, and it might be that some countries will seize and demand decryption of people's cellphones just as a matter of policy (just like how people are fingerprinted). Now you have to coordinate with those sites constantly to get them to regen their split key... and once the key is regenerated... even for a brief ephemeral time, it can be grabbed, especially with the fact there are attackers who would throw -billions- to nab that key. Security is still not improved.
OK... well, each device has its own backdoor key in a database. Same thing applies... someone will slurp that database up, even if it means a home invasion of a critical admin.
The whole concept of key escrow is throwing the baby out with the bathwater. There is always the scenario of Daesh managing to buy a backdoor key, be able to find out who is where, then sending a highly targeted attack, causing far more damage than if the backdoor never existed.
The funny thing is....now BB's biggest customers are governments. So this should put the final nail in the coffin for them, as governments would definitely not want a backdoor in their devices...
Sleep your way to a whiter smile...date a dentist!
...is where you cop to having an iPhone, as if that bitch weren't already more full of holes than your grandma's colander.
>"The company may see this as a way to differentiate themselves from the competition."
Um, yeah- "Buy our phones! They are better because we allow the government to spy on you!" What a great selling feature to differentiate yourself from your competition. I bet consumers will flock to that ?!!?!?!!
The fact they felt it necessary to put the word lawful in that description is kind of like a mobster using the phrase "legitimate businessman". Real legitimate businessmen call themselves 'businessmen'. They don't need to add the word legitimate, because they are legitimate. You don't add the word 'lawful' unless deep down in your heart, you have questions about it being lawful.
excitingthingstodo.blogspot.com
The Blackberry "Priv" ad blurb...
"At BlackBerry we are passionate about raising the bar for security and privacy. Extra steps are taken at both a hardware and software level to authenticate Android in order to help protect you from malware and any attempts to temper with your OS."
I thought that some idiot had misspelled "tamper". After reading this article, I am not so sure that this was not in fact the intended word choice here.
BlackBerry has always been about security and now you're gonna leave this kind of backdoor wide open for "lawful" spying? You just know it won't be used for that and it will also be used whenever they can.
Blackberry is officially dead with this, nobody will want to buy a blackberry phone now, even more so considering nobody was buying them to begin with other than maybe a few companies.
"Lawful interception for devices, but no backdoors"
Interception is a fucking back door! It's an alternative way to make encryption useless. It's like having a heavy duty front door and deadbolt but leaving the key under the welcome mat.
There's a truism in marketing that you can only differentiate your product on the parts that the customer sees and uses. Blackberry just can't learn this lesson. They tried differentiating on the OS kernel, which the customer never sees. And now on an insecurity feature that the customer won't be allowed to use. It's been a protracted death spiral, but it's a continuing one.
Bruce Perens.
Sarcasm aside, that's pretty much the goal, yes.
Now, I (thankfully) haven't worked with BlackBerry products in many years, and I had hoped/expected that things had changed, but pretty much all phone data used to be stored on company-managed servers. The government wouldn't have direct access, but corporate IT staff would.
From the little information in TFS, it sounds like the phones are not the vulnerability, but a central server under corporate control would be a suitable target for court-ordered surveillance. That way, the corporation can avoid the hassle of being found in contempt of court.
You do not have a moral or legal right to do absolutely anything you want.
I don't think that Blackberry has ever fully understood that the end user is their actual customer. For years they have allowed IT departments and Telcos to cripple their devices. So it is basically zero surprise when they allow the government to cripple the device some more.
So after all these years let's check to see what their market share is: Oh look it is within a statistical margin of error of zero. Yup the one time king of the smartphone is so close to zero market share as to effectively be zero. I have visited a number of companies where BBs are still used and those employees are chomping at the bit to fire them into the toilet. I wonder if this news will somehow enamour them more, or will it just give them an extra reason to hate their phone.
Who decides what's lawful? Government
Who performs the intercept? Government
Anyone else see a problem there?
Your last strong selling point well and truly buried!
that blackberry is absolutely tone deaf to their customers.
What will determine if the break of privacy is authorized? Is it automated? Then it is a plain backdoor, there is nothing lawful in it. Machines don't know law. Is it a human who decides? No way they can process the amount of requests, they will automate this like Google does for DMCA take-downs.
Patents Drive Free Software as Hurricanes Drive Construction Industry
They all offer this "service". At least blackberry is being upfront about it. Is honesty a bad thing?
Even the "nothing to hide" group would fear this. If the handset can intercept comms, and it's not done in the network, then it can be done across jurisdictions. e.g. Russian user is spied on by US using US warrant against Blackberry. China spies on foreign dissidents using it. Journalists targeted in Europe based on US warrant etc.
What if the FBI had to investigate the NSA? Could they do it? With these phones? Because law is multi-layered and often ignored (as Snowden leaks showed). They could not use these phones if the target is a suspected lawful agency gone rogue.
The Canadian government?
The US Government?
The governments of "five eyes" countries?
The Egyptian government?
The Russian government?
The Syrian government?
The Islamic State's government?
The Chinese government?
all of them?
The new BB with slide-out keyboard running Android looked quite interesting to me and was potentially going to be my next phone.
Looks like that's not going to happen now.
Same for me. The hardware keyboard was extremely attractive, and well worth the cost of the phone. Actually, the hardware keyboard would be attractive at almost any price.
Until this announcement. BB just shot themselves squarely in the head with a sawn-off shotgun.
"Buy into our secure communication tools because it's possible for the message to be intercepted by a 3rd party!!!"
and good riddance to bad technology. Seems like encrypting end to end would have been the smart choice to stick around for another year. Still, glad to see worthless tech bite the dust.
Is it a unique back-door key per phone? Or one back-door key for all phones?
If it's a unique key per phone, that would make the legal interception capability depend on the telephone. If a warrant were received for all BB phones, it would clearly be unlawful - or at least disproportionate - and could be challenged by BB in the courts.
If a warrant were received for all BB phones sold in a particular country, and the law backed them (or they lack the rule of law, as in PRC, DPRK, etc.), then those keys would be provided. If a warrant were received for a phone which was temporarily in such a country, but which was sold in a different country, and BB provided it, then screw them.
If it's one key for all phones, or even for a significant subset (e.g. all phones sold in a single country), then screw them.
Anything that can be used by the average computer illiterate government goon can be used by the average hacker.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
After all, who wouldn't want all governments to be able to spy on you?
FTFY.
The claim that there isn't a backdoor suggests that they are keeping the key in escrow, so eventually you can expect a .torrent to appear with an SQL database full of Blackberry keys, at which point you will know that several national intelligence services have had full access for a few years before some amateur got in.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
...IT summit"
American idiots.
Cows are so evil. They say moo. They say moo. That is the way of their kind. Their kind.
I wonder what they'll do when people realize that unbreakable encryption exists and is device independent provided the ends communicating can share a one-time-pad key in advance... and more importantly, know how to generate, safeguard and USE them correctly... those are basically immune to breaking, impervious to MITM and impersonation attacks, (again, assuming the ends are secure and the pad truly random, and only used once, and that some form of pre-enciphering checksum is employed, or other anti-tampering measure is employed).
Anyone who cares about COMSEC/INFOSEC will have authentication and duress words pre-agreed to. Good luck breaking that, since (again, provided it's used correctly and the ends are secure) it's mathematically impossible to break.
For anyone who doesn't know, the strength of a one time pad comes from the fact that the message is converted to numbers and added or subtracted to random numbers known ONLY to the sender and receiver, and are used as the inputs to problems of the form A+B=C, where for each character in the message, A B & C are different. Suppose A is a character of the message, and B the corresponding part of the key. The C is the sum and is what gets transmitted. Without knowing the Bs, you can never know with any certainty what any of the As were, and the As were the original message.
Only with the right set of numbers do you know the correct message output. As for any given C, without B or A there is no unique solution, even if an eavesdropper guesses the As correctly, there will be no indication that a correct guess is correct any more than any other, incorrect guess.
The reason we aren't all just using that is the pain in the ass that it is to generate the keys, and the difficulty in distributing them.
Otherwise it's not only the best encryption there is, it's the best possible.
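The A+B=C scheme from the comment above, as an added example that is not part of the original thread: byte-wise addition mod 256, a demonstration that every same-length guess has a pad that "explains" the ciphertext, what leaks when a pad is reused, and a tamper check. The function names and the choice of HMAC-SHA256, keyed from the first 32 pad bytes, as the anti-tampering measure are assumptions.

```python
"""One-time pad over bytes: C = (A + B) mod 256.
Constructed demo; names and the HMAC step are assumptions, not from the thread."""
import hashlib
import hmac
import secrets

MAC_KEY_LEN = 32  # pad bytes reserved for the tamper check (assumption)
TAG_LEN = 32      # size of an HMAC-SHA256 tag


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """A + B = C for each byte; the pad must cover the whole message."""
    if len(pad) < len(message):
        raise ValueError("pad shorter than message")
    return bytes((a + b) % 256 for a, b in zip(message, pad))


def otp_decrypt(cipher: bytes, pad: bytes) -> bytes:
    """C - B = A for each byte."""
    if len(pad) < len(cipher):
        raise ValueError("pad shorter than ciphertext")
    return bytes((c - b) % 256 for c, b in zip(cipher, pad))


def pad_explaining(cipher: bytes, guess: bytes) -> bytes:
    """Return the pad B' under which `cipher` decrypts to `guess`.
    One exists for every guess of the right length, so the ciphertext
    alone can never confirm or rule out a guess."""
    if len(guess) != len(cipher):
        raise ValueError("guess must match ciphertext length")
    return bytes((c - a) % 256 for c, a in zip(cipher, guess))


def reuse_difference(c1: bytes, c2: bytes) -> bytes:
    """Pad reused for two messages: C1 - C2 = A1 - A2, the pad cancels."""
    return bytes((x - y) % 256 for x, y in zip(c1, c2))


def seal(message: bytes, pad: bytes) -> bytes:
    """Encrypt, then tag the ciphertext. HMAC gives computational (not
    information-theoretic) integrity; its key comes from fresh pad bytes."""
    need = MAC_KEY_LEN + len(message)
    if len(pad) < need:
        raise ValueError("pad too short; pad bytes must never be reused")
    mac_key, enc_pad = pad[:MAC_KEY_LEN], pad[MAC_KEY_LEN:need]
    cipher = otp_encrypt(message, enc_pad)
    return cipher + hmac.new(mac_key, cipher, hashlib.sha256).digest()


def open_sealed(blob: bytes, pad: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything altered in transit."""
    if len(blob) < TAG_LEN or len(pad) < MAC_KEY_LEN + len(blob) - TAG_LEN:
        raise ValueError("blob or pad too short")
    cipher, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    mac_key = pad[:MAC_KEY_LEN]
    enc_pad = pad[MAC_KEY_LEN:MAC_KEY_LEN + len(cipher)]
    expected = hmac.new(mac_key, cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: altered message or wrong pad")
    return otp_decrypt(cipher, enc_pad)


if __name__ == "__main__":
    msg = b"MEET AT NOON"      # constructed sample message
    guess = b"STAY AT HOME"    # an eavesdropper's equally plausible guess
    pad = secrets.token_bytes(MAC_KEY_LEN + len(msg))

    cipher = otp_encrypt(msg, pad[MAC_KEY_LEN:])
    alt_pad = pad_explaining(cipher, guess)
    print("real pad  ->", otp_decrypt(cipher, pad[MAC_KEY_LEN:]))
    print("other pad ->", otp_decrypt(cipher, alt_pad))

    blob = seal(msg, pad)
    print("sealed/opened ->", open_sealed(blob, pad))
    tampered = bytes([blob[0] ^ 1]) + blob[1:]
    try:
        open_sealed(tampered, pad)
    except ValueError as err:
        print("tampered ->", err)
```
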
Wasn't there a news story about Russians trying to hack Blackberry because the President owned one a while ago?
Blackberry, the exclusive tool for politicians and officials because it's easy to hack.
Thanks Blackberry!
If Blackberry is the only manufacturer willing to play by .gov's rules, then it should be the only contender for .gov contracts. Same as NYT's idea for gun-makers. (Disclosure: author is long BBRY)
Yes, feel free to toss up the black-and-white definition of "lawful" these days, because it's so clear in the post 9/11 era, right?
Even our elected leaders don't know what the hell "lawful" is anymore, much like our Constitution. All that matters is sales, as demonstrated by the ass-kissing COO of Blackberry who wants to claim this crap as a "way to differentiate".
Yeah, you're different alright. You're the brand no one really wanted before due to technology.
Now you're the brand to avoid completely, regardless of your damn technology. Congratulations.
From what I understand a large number of their clients these days are governmental, so this move isn't all that surprising. If they took a different stance they probably would end up like QWest when they told the government to shove it when they started their illegal wiretapping program; suddenly all of QWest's government contracts were canceled and they found themselves under "investigation".
Even if you were to trust the government, having a back door means there is one more spot for a hacker to target. How long do you think it will take for it to be exposed then abused by the bad guys?
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
But governments can't be trusted with this power. They just don't give a shit about whether it's lawful or not. And when they are caught with the fingers in the jar, nobody takes the blame. So no thanks. Call me a terrorist all you want, but I will communicate privately when I decide to. And someone with bad intentions will do the same.
The annoying thing is I was actually considering the Priv for my next phone. Because they actually went through the effort of getting it FIPS 140 accredited. This stance just makes me want them to die.
Blackberry is relying on the corporate world's reluctance to change. So long as Blackberry is the tried and true, management will keep on buying them. After all, spying by the government is not a concern for them.
This attitude will change the first time some corporate spy, Chinese or otherwise, slips through that backdoor.
They gleefully gave the keys to the servers to governments, now they are talking about, "here have access to the data on the devices!"
They don't get it. That is why blackberry is a failure and will stay a failure. NOBODY wants them anymore. Hell they are more rare than a windows phone now.
Do not look at laser with remaining good eye.
Half a penny per share? LoLz!
Next time you travel to the "Land of the free. Home of the Brave" leave a "Chucky Doll" in one of your checked bags. That should terrorise the TSA thug.
Blackberry has clarified that there are no backdoors in their equipment. Major slip up by COO Marty Beard and it just exemplifies the terrible Communications and Marketing strategy that Blackberry has always suffered under. Every company Apple, Alphabet (Google), Samsung will cooperate with law enforcement. Just don't give them your encryption keys and you are fine. Blackberry is no different and wouldn't be used by Obama and Merkel if it wasn't secure. Don't be fooled any company will give up whatever they have when faced with a warrant from a judge. Blackberry has governments as major customers so they have to be cooperative with them. Sucks if your government is not legitimate and denies your human rights but don't look to a US corporation to intervene.
They see the day when non-backdoored encryption is outlawed, so they want to be positioned to be the only company left standing. Problem is when that day comes (and it will), they will be long gone.
Nice try tho. Have to give them that much credit.
And depending on which government you are under it may vary what's lawful.
What Blackberry says is just "We aren't secure anymore, so if you have concerns pick Android or Apple".
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
"I am very much in favour of the government being allowed to access private communications in individual cases with due cause and a legally obtained warrant issued by a judge"
The problem is idiots try to use this idea to ignore enshrined rights. NO matter how badly you want into my computers, you have no right to tell me that I HAVE to give you a way to read my work. That's not a power my government has. It should not be illegal to build a computer that cannot be read by anyone but me. Governments DO NOT need absolute control over this sort of thing, it's a WANT, nothing more.
Good-bye
Right: they should be allowed, yet it should be impossible for them to actually do.
It's sort of like how I'm allowed to be President of the US. But unless everybody else in the world totally screws up to comically-negligent degree (what the fuck were you thinking, voting for me?!), it can't possibly happen.
Cops are allowed to travel to Alpha Centauri. FBI employees are allowed to live to be a thousand years old. NSA crackers are allowed to have unlimited antimatter-reactor energy for free. Our laws should allow all these things. Reality, though, may have something else to say about it.
"Believe me!" -- Donald Trump
You know, I actually do feel that way? There's a reason they put the fourth amendment in the constitution. There are people we as a society want the government to be able to catch, if they do it properly.
That's the thing though - they fucked up. They had this interception treasure trove and were caught with their hands in the cookie jar because they're too afraid of the public to stick to what they're... you know, allowed to do. Their lawyers can explain until they're blue in the face how it's not technically unconstitutional, but too fucking bad, they've lost.
The Fourth Amendment reads:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Really, I think we all want both. But the TLAs fucked up the "shall not be violated... but upon probable cause [list of conditions]" part, and the "right of the people to be secure" part is more important. So until they can get their shit back in order, yes I agree that it's better for them to lose intercept capabilities. Yes that will probably mean murderers, child pornographers, and terrorists going uncaught.
Really, the biggest fuckup the government made was personally pissing off the only people who could hurt them - basically, Apple and Google and the other tremendous technology companies. They really do care about both their users' privacy and their own data security - and complying with lawful government requests to the exact extent required. And they took it personally, having the NSA go around the back door when they were obeying the law on warrants. The EFF can talk until they're blue in the face about encryption and PGP-ing your email and so on, but when full-device and e2e encryption are on by default in new iPhones and Androids, that makes a much bigger difference to many more people. And of course to the TLAs.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Do you also think that they should be allowed to probe your thoughts and memories with a mind probe with due cause and a legally obtained warrant issued by a judge? Or should they be able to torture you with a legally obtained warrant issued by a judge? Can they slowly drill a hole into your child's head in front of you until you sign a confession with due cause and a legally obtained warrant issued by a judge? Can they do those things to everyone in an entire town or city with due cause and a _one_ legally obtained warrant issued by a judge? Where exactly are the limits? And also, have you seen how low the bar is for due cause and a legally obtained warrant issued by a judge?
I suppose a more relevant question is, should they be able to break the entire spectrum of communications technology beforehand, just so that, if they ever need to, they can, with due cause and a legally obtained warrant issued by a judge, tap into your communications? Or, in fact, should they be able to tap into all your communications, record them, search that data, then present their findings to a judge as due cause for a warrant issued by a judge to search the communications they've already searched?
Blackberries are still being made? Rather, are they still being sold?? I thought that they had a historical hold on corporate world -- and I thought that even that was pretty much gone
Yep, they used to have a stranglehold on the corporate world, mostly because the executives always had Blackberries (and absolutely loved them) and IT refused to support anything else.
Then the execs all got iOS devices and ditched their blackberries and told IT to support iOS devices (or look for a new job). Now iOS holds a huge part of the corporate world that Blackberry will never get back. That market is gone from Blackberry, forever - they just don't have it in them to make a superior device.
Saw exactly this thing happen at my office. Once the big cheeses got iPhones, it was game over for Blackberry. And having a BYOD policy/project so the company didn't need to buy people phones was great from a budget standpoint.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
Blackberry was the fucking shit. Having a full keyboard, a multi-line screen that could display simple HTML, and the ability to fire off emails and quick IMs to my friends and co-workers was fucking SWEET, in early 1999.
Fast forward to 2015. Multiple failures to innovate, multiple disastrous product launches, multiple infrastructure failures, and a few near bankruptcies later, and what do we have? A company trying to be relevant against competition that is for all intents and purposes a full decade ahead. Oh, you have an android device now? No thanks, I'll just stick with a real android phone. They've served me extremely well for many years.
If you still use a Blackberry in 2015, you probably need to have your head examined. This "lawful device interception capability" bullshit is just another nail in a coffin that's already been nailed shut.
I must rush out and buy one, after all who doesn't want a dishonest Government spying on them.
It is, because Cook keeps claiming they've never provided a backdoor to the NSA, so the general Apple user thinks that's actually true.
Whether Cook is intentionally lying or uninformed is unknown.
They just brought out a new one that actually sold out at my local ATT store.
People CAN be trusted with power. But there has to be a legitimate legal wall between who wants to use the power and who allows the use of power. The courts kind of do this, but when law enforcement controls the equipment used for this kind of stuff, they can't be trusted to self police.
cook them after self-castration
Sounds like a back door to me. How is their "lawful device interception capabilities" different from the competition? They could have made a lot of money and saved their company but now they have basically said that they are not any different than iPhone or Android based phones. No surprise when companies like Lavabit have been forced to comply with the US Government demands or shut down.