Slashdot Mirror
Blackberry Offers 'Lawful Device Interception Capabilities' (itnews.com.au)
An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" for government surveillance. BlackBerry COO Marty Beard as much at a recent IT summit. He declined to explain how the interception works, but he denied the phones would contain "backdoors" and said governments would have no direct access to BlackBerry servers. The company may see this as a way to differentiate themselves from the competition.
After all, who wouldn't want the government to be able to spy on you? As long as it's lawful, that is.
Yep. As long as the government has gone through the proper procedures and has a lawfully obtained warrant, then I most certainly want to make sure they can access my private communications. Smart move by Blackberry to differentiate their product that way! I'll get rid of my iPhone next chance I get and proudly buy a Blackberry.
For the sarcasm impaired, please disregard my comment.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
It's really hard to put nails into your own coffin from the outside, but DAmn are they trying.
The new BB with slide-out keyboard running Android looked quite interesting to me and was potentially going to be my next phone.
Looks like that's not going to happen now.
Pink sheets anyone?
09 F9 11 02 9D 74 E3 5B - D8 41 56 C5 63 56 88 C0 45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Smart move by Blackberry to differentiate their product that way!
Blackberries are still being made? Rather, are they still being sold??
I thought that they had a historical hold on corporate world -- and I thought that even that was pretty much gone (Liberty Mutual has made a switch, at least in some departments, a couple of years ago).
Blackberry Offers 'Unlawful Device Interception Capabilities', since the capability is entirely orthogonal to the legality. Sounds like a great selling point to... who, exactly? Those who don't see it as problematic (insert Benjamin Franklin quote here) won't care and those who do care for sure won't buy a Blackberry. Then again, Blackberry was probably running out of ways to scare away customers and needed to add a few more. They're down to 0.3%, almost there...
Live today, because you never know what tomorrow brings
.... still use one. This makes me want to go get an iPhone.
Interesting comment, made me think...
So, thinking of this as a phone specifically enabled with spying capabilities as a feature you're right, the logical customer for such a phone is an oppressive government.
I can think of several totalitarian governments that would love a phone with baked-in spyware!
Thank you Dave Raggett
I thought the big selling point of Blackberry was security. This is anything but.
Oh well, it's not like they haven't caved to national governments before.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Thought for a minute there the headline read "Blackberry OFFERS lawful device interception capabilities."
"Lawful device interception capabilities" sounds like they'll only let all the security agencies and sub-contractors in a little bit, you know, just the tip. Nice of Blackberry for being such a good sport with all those guys ;)
Thanks, we appreciate your cooperation. What's a Blackberry?
I take Mr Beard's comments at face value, that his company can offer lawful intercept without back doors. Unfortunately this has nothing whatsoever in common with the statements made by Apple and others.
You see Blackberry has a unique position in the market, it being not just the manufacturer but also the network operator. Thus for most normal Blackberry users (non-corporate), their secure end to end communications begin and end at Blackberry's servers. Also their device encryption software has at least one known weakness to offline brute force cracking so perhaps there are more.
All this means that what Blackberry is really saying is that, since they control the communication keys and made a less than perfect encryption product they can offer lawful interception where other vendors had to rely of real hardware device encryption and end-too-end communications.
BTW, Apple does not get off scot free here as its Imessage product can offer lawful intercept, just not decryption after the fact because they too control which keys are used to encrypt which iMessage.
I mean, who wouldn't want to have a system that makes it easier for anyone to spy on you. Count me in! Perhaps I will even buy a few to help my beloved police state.
.... still use one. This makes me want to go get an iPhone.
Why, isn't this the same policy they always had? They have a copy of the encryption keys and release them when a lawful warrant is received?
I am very much in favour of the government being allowed to access private communications in individual cases with due cause and a legally obtained warrant issued by a judge. However, "being allowed" should in no way shape or form imply that zero knowledge encryption should be forbidden. Security issues aside, various governments, including my own, have time and time again shown that they absolutely cannot be trusted with such power, or trusted to play by their own rules.
Maybe BB thinks to cater to the "I have nothing to hide" crowd. I wonder how long those people would keep to that line if the government would send them a notice every time an operative listened in on their private phone calls. A bit like those notices the TSA sometimes leave in my luggage when I travel to the USA.
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
My worry isn't lawful interception. However, backdoors and such mean that -someone- out there has a master key. And who knows how it is stored? If it falls into the wrong hands, it can utterly destroy a product, or even destroy companies if the backdoor winds up being used for advantages (knowing what competitors are bringing to the table, finding weak points to attack the company, or good old fashioned extortion/blackmail.)
Let's say the backdoor is a large RSA key. There will be organizations, including nations, with billions of dollars at their disposal, who will do anything to fetch that key. This can be live agents, network attacks, or just old fashioned kidnap and the $5 wrench. Since this basket has a lot of eggs in it, virtually everyone wants a piece of that master key.
Now, lets say the backdoor owner decides to be clever and split the key among sites. Well, how are legit requests done? LEOs will demand -many- requests, and it might be that some countries will seize and demand decryption of people's cellphones just as a matter of policy (just like how people are fingerprinted) Now you have to coordinate with those sites constantly to get them to regen their split key... and once the key is regenerated... even for a brief epheremeral time, it can be grabbed, especially with the fact there are attackers who would throw -billions- to nab that key. Security is still not improved.
OK... well, each device has its own backdoor key in a database. Same thing applies... someone will slurp that database up, even it means a home invasion of a critical admin.
The whole concept of key escrow is throwing the baby out with the bathwater. There is always the scenario of Daesh managing to buy a backdoor key, be able to find out who is where, then sending a highly targeted attack, causing far more damage than if the backdoor never existed.
The funny thing is....now BB's biggest customers are governments. So this should put the final nail in the coffin for them, as governments would definitely not want a backdoor in their devices...
Sleep your way to a whiter smile...date a dentist!
...is where you cop to having an iPhone, as if that bitch weren't already more full of holes than your grandma's colander.
>"The company may see this as a way to differentiate themselves from the competition."
Um, yeah- "Buy our phones! They are better because we allow the government to spy on you!" What a great selling feature to differentiate yourself from your competition. I bet consumers will flock to that ?!!?!?!!
The fact they felt it necessary to put the word lawful in that description is kind of like a mobster using the phrase "legitimate businessman". Real legitimate businessmen call themselves 'businessmen'. They don't need to add the word legitimate, because they are legitimate. You don't add the word 'lawful' unless deep down in your heart, you have questions about it being lawful.
excitingthingstodo.blogspot.com
The Blackberry "Priv" ad blurb...
"At BlackBerry we are passionate about raising the bar for security and privacy. Extra steps are taken at both a hardware and software level to authenticate Android in order to help protect you from malware and any attempts to temper with your OS."
I thought that some idiot had misspelled "tamper". After reading this article, I am not so sure that this was not in fact the intended word choice here.
"Lawful interception for devices, but no backdoors"
Interception is a fucking back door! It's an alternative way to make encryption useless. It's like having a heavy duty front door and deadbolt but leaving the key under the welcome mat.
There's a truism in marketing that you can only differentiate your product on the parts that the customer sees and uses. Blackberry just can't learn this lesson. They tried differentiating on the OS kernel, which the customer never sees. And now on an insecurity feature that the customer won't be allowed to use. It's been a protracted death spiral, but it's a continuing one.
Bruce Perens.
Sarcasm aside, that's pretty much the goal, yes.
Now, I (thankfully) haven't worked with BlackBerry products in many years, and I had hoped/expected that things had changed, but pretty much all phone data used to be stored on company-managed servers. The government wouldn't have direct access, but corporate IT staff would.
From the little information in TFS, it sounds like the phones are not the vulnerability, but a central server under corporate control would be a suitable target for court-ordered surveillance. That way, the corporation can avoid the hassle of being found in contempt of court.
You do not have a moral or legal right to do absolutely anything you want.
I don't think that Blackberry has ever fully understood that the end user is their actual customer. For years they have allowed IT departments and Telcos to cripple their devices. So it is basically zero surprise when they allow the government to cripple the device some more.
So after all these years let's check to see what their market share is: Oh look it is within a statistical margin of error of zero. Yup the one time king of the smartphone is so close to zero market share as to effectively be zero. I have visited a number of companies where BBs are still used and those employees are chomping at the bit to fire them into the toilet. I wonder if this news will somehow enamour them more, or will it just give them an extra reason to hate their phone.
What will determine if the break of privacy is authorized? Is it automated? Then it is a plain backdoor, there is nothing lawful in it. Machines don't know law. Is it a human who decides? No way they can process the amount of requests, they will automate this like Google does for DMCA take-downs.
Patents Drive Free Software as Hurricanes Drive Construction Industry
Even the "nothing to hide" group would fear this. If the handset can intercept comms, and its not done in the network, then it can be done across jurisdictions. e.g. Russian user is spied on by US using US warrant against Blackberry. China spies on foreign dissidents using it. Journalists targetted in Europe based on US warrant etc.
What if the FBI had to investigate the NSA? Could they do it? With these phones? Because law is multi-layered and often ignored (as Snowden leaks showed). They could not usethese phones if the target is a suspected lawful agency gone rogue.
Ya no ty. I pay my taxes, if I buy a product it is supposed to be mine.
The concept of personal property is being phased out.
Everything, from what you can say and what views you can express in public/online without being fired, being threatened with death, sued, even jailed, what you may do with things you've 'bought', right down to the money in your pocket and even you, yourself, are property of and/or controlled by the policies and agendas of the collective as dictated by a government/corporate/banking oligarchy and their sycophants and useful idiots in positions of influence in society.
I highly recommend reading "The Creature From Jekyll Island" by G. Edward Griffin to begin to understand the power structure in the US. The most powerful players are rarely mentioned in the MSM.
https://archive.org/details/Cr...
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
The Canadian government?
The US Government?
The governments of "five eyes" countries?
The Egyptian government?
The Russian government?
The Syrian government?
The Islamic State's government?
The Chinese government?
all of them?
Anything that can be used by the average computer illiterate government goon can be used by the average hacker.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Why are you not getting a Blackberry? Do you have anything to hide?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
After all, who wouldn't want all governments to be able to spy on you?
FTFY.
The claim that there isn't a backdoor suggests that they are keeping the key in escrow, so eventually you can expect a .torrent to appear with an SQL database full of Blackberry keys, at which point you will know that several national intelligence services have had full access for a few years before some amateur got in.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Yes, feel free to toss up the black-and-white definition of "lawful" these days, because it's so clear in the post 9/11 era, right?
Even our elected leaders don't know what the hell "lawful" is anymore, much like our Constitution. All that matters is sales, as demonstrated by the ass-kissing COO of Blackberry who wants to claim this crap as a "way to differentiate".
Yeah, you're different alright. You're the brand no one really wanted before due to technology.
Now you're the brand to avoid completely, regardless of your damn technology. Congratulations.
From what I understand a large number of their clients these days are governmental, so this move isn't all that surprising. If they took a different stance they probably would end up like QWest when they told the government to shove it when they started their illegal wiretaping program suddenly all of QWests government contracts were canceled and they found themselves under "investigation".
Even if you were to trust the gonernment having a back door means there is one more spot for a hacker to target. How long do you think it will take for it to be exposed than abused by the bad guys.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
The annoying thing is I was actually considering the priv for my next phone. Because they actually went through the effort of getting it fips 140 acredited. This stance just makes me want them to die.
Blackberry is relying on the corporate world's reluctance to change. So long as Blackberry is the tried and true, management will keep on buying them. After all, spying by the government is not a concern for them.
This attitude will change the first time some corporate spy, Chinese or otherwise, slips through that backdoor.
They gleefully gave the keys to the servers to governments, now they are talking about, "here have access to the data on the devices!"
They dont get it. that is why blackberry is a failure and will stay a failure. NOBODY wants them anymore. Hell they are more rare than a windows phone now.
Do not look at laser with remaining good eye.
Blackberry has clarified that there are no backdoors in their equipment. Major slip up by COO Marty Beard and it just exemplifies the terrible Communications and Marketing strategy that Blackberry has always suffered under. Every company Apple, Alphabet (Google), Samsung will cooperate with law enforcement. Just don't give them your encryption keys and you are fine. Blackberry is no different and wouldn't be used by Obama and Merkel if it wasn't secure. Don't be fooled any company will give up whatever they have when faced with a warrant from a judge. Blackberry has governments as major customers so they have to be cooperative with them. Sucks if your government is not legitimate and denies your human rights but don't look to a US corporation to intervene.
The see the day when non-backdoored encryption is outlawed, so they want to be positioned to be the only company left standing. Problem is when that day comes ( and it will ), they will be long gone.
Nice try tho. Have to give them that much credit.
And depending on which government you are under it may vary what's lawful.
What Blackberry says is just "We aren't secure anymore, so if you have concerns pick Android or Apple".
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
"I am very much in favour of the government being allowed to access private communications in individual cases with due cause and a legally obtained warrant issued by a judge"
The problem is idiots try to use this idea to ignore enshrined rights. NO matter how badly you want into my computers, you have no right to tell me that i HAVE to give you a way to read my work. Thats not a power my government has. It should not be illegal to build a computer that cannot be read by anyone but me. Governments DO NOT need absolute control over this sort of thing, its a WANT, nothing more.
Good-bye
Right: they should be allowed, yet it should be impossible for them to actually do.
It's sort of like how I'm allowed to be President of the US. But unless everybody else in the world totally screws up to comically-negligent degree (what the fuck were you thinking, voting for me?!), it can't possibly happen.
Cops are allowed to travel to Alpha Centauri. FBI employees are allowed to live to be a thousand years old. NSA crackers are allowed to have unlimited antimatter-reactor energy for free. Our laws should allow all these things. Reality, though, may have something else to say about it.
"Believe me!" -- Donald Trump
You know, I actually do feel that way? There's a reason they put the fourth amendment in the constitution. There are people we as a society want the government to be able to catch, if they do it properly.
That's the thing though - they fucked up. They had this interception treasure trove and were caught with their hands in the cookie jar because they're too afraid of the public to stick to what they're... you know, allowed to do. Their lawyers can explain until they're blue in the face how it's not technically unconstitutional, but too fucking bad, they've lost.
The Fourth Amendment reads:
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Really, I think we all want both. But the TLAs fucked up the "shall not be violated... but upon probable cause [list of conditions]" part, and the "right of the people to be secure" part is more important. So until they can get their shit back in order, yes I agree that it's better for them to lose intercept capabilities. Yes that will probably mean murderers, chlld pornographers, and terrorists going uncaught.
Really, the biggest fuckup the government made was personally pissing off the only people who could hurt them - basically, Apple and Google and the other tremendous technology companies. They really do care about both their user's privacy and their own data security - and complying with lawful government requests to the exact extent required. And they took it personally, having the NSA go around the back door when they were obeying the law on warrants. The EFF can talk until they're blue in the face about encryption and PGP-ing your email and so on, but when full-device and e2e encryption are on by default in new iPhones and Androids, that makes a much bigger difference to many more people. And of course to the TLAs.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Do you also think that they should be allowed to probe your thoughts and memories with a mind probe with due cause and a legally obtained warrant issued by a judge? Or should they be able to torture you with a legally obtained warrant issued by a judge? Can they slowly drill a hole into your child's head in front of you until you sign a confession with due cause and a legally obtained warrant issued by a judge? Can they do those things to everyone in an entire town or city with with due cause and a _one_ legally obtained warrant issued by a judge? Where exactly are the limits? And also, have you seen how low the bar is for due cause and a legally obtained warrant issued by a judge?
I suppose a more relevant question is, should they be able to break the entire spectrum of communications technology beforehand, just so that, if they ever need to, they can, with due cause and a legally obtained warrant issued by a judge, tap into your communications? Or, in fact, should they be able to tap into all your communications, record them, search that data, then present their findings to a judge as due cause for a warrant issued by a judge to search the communications they've already searched?
Blackberries are still being made? Rather, are they still being sold?? I thought that they had a historical hold on corporate world -- and I thought that even that was pretty much gone
Yep, they used to have a stranglehold on the corporate world, mostly because the executives always had Blackberries (and absolutely loved them) and IT refused to support anything else.
Then the execs all got iOS devices and ditched their blackberries and told IT to support iOS devices (or look for a new job). Now iOS holds a huge part of the corporate world that Blackberry will never get back. That market is gone from Blackberry, forever - they just don't have it in them to make a superior device.
Saw exactly this thing happen at my office. Once the big cheeses got iPhones, it was game over for Blackberry. And having a BYOD policy/project so the company didn't need to buy people phones was great from a budget standpoint.
"Nothing strengthens authority so much as silence." - Charles de Gaulle
They just brought out a new one that actually sold out at my local ATT store.
People CAN be trusted with power. But there has to be a legitimate legal wall between who wants to use the power and who allows the use of power. The courts kind of do this, but when law enforcement controls the equipment used for this kind of stuff, they can't be trusted to self police.