Blackberry Offers 'Lawful Device Interception Capabilities'

An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" for government surveillance. BlackBerry COO Marty Beard as much at a recent IT summit. He declined to explain how the interception works, but he denied the phones would contain "backdoors" and said governments would have no direct access to BlackBerry servers. The company may see this as a way to differentiate themselves from the competition.

How secure is the backdoor? This is my worry.

My worry isn't lawful interception. However, backdoors and such mean that -someone- out there has a master key. And who knows how it is stored? If it falls into the wrong hands, it can utterly destroy a product, or even destroy companies if the backdoor winds up being used for advantages (knowing what competitors are bringing to the table, finding weak points to attack the company, or good old fashioned extortion/blackmail.)

Let's say the backdoor is a large RSA key. There will be organizations, including nations, with billions of dollars at their disposal, who will do anything to fetch that key. This can be live agents, network attacks, or just old fashioned kidnap and the $5 wrench. Since this basket has a lot of eggs in it, virtually everyone wants a piece of that master key.

Now, lets say the backdoor owner decides to be clever and split the key among sites. Well, how are legit requests done? LEOs will demand -many- requests, and it might be that some countries will seize and demand decryption of people's cellphones just as a matter of policy (just like how people are fingerprinted) Now you have to coordinate with those sites constantly to get them to regen their split key... and once the key is regenerated... even for a brief epheremeral time, it can be grabbed, especially with the fact there are attackers who would throw -billions- to nab that key. Security is still not improved.

OK... well, each device has its own backdoor key in a database. Same thing applies... someone will slurp that database up, even it means a home invasion of a critical admin.

The whole concept of key escrow is throwing the baby out with the bathwater. There is always the scenario of Daesh managing to buy a backdoor key, be able to find out who is where, then sending a highly targeted attack, causing far more damage than if the backdoor never existed.

Differentiate?

[markdavis]

>"The company may see this as a way to differentiate themselves from the competition."

Um, yeah- "Buy our phones! They are better because we allow the government to spy on you!" What a great selling feature to differentiate yourself from your competition. I bet consumers will flock to that ?!!?!?!!