Blackberry Offers 'Lawful Device Interception Capabilities' (itnews.com.au)
An anonymous reader writes: Apple and Google have been vocal in their opposition to any kind of government regulation of cell phone encryption. BlackBerry, however, is taking a different stance, saying it specifically supports "lawful interception capabilities" for government surveillance. BlackBerry COO Marty Beard said as much at a recent IT summit. He declined to explain how the interception works, but he denied the phones would contain "backdoors" and said governments would have no direct access to BlackBerry servers. The company may see this as a way to differentiate themselves from the competition.
After all, who wouldn't want the government to be able to spy on you? As long as it's lawful, that is.
Yep. As long as the government has gone through the proper procedures and has a lawfully obtained warrant, then I most certainly want to make sure they can access my private communications. Smart move by Blackberry to differentiate their product that way! I'll get rid of my iPhone next chance I get and proudly buy a Blackberry.
For the sarcasm impaired, please disregard my comment.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
It's really hard to put nails into your own coffin from the outside, but damn are they trying.
The new BB with slide-out keyboard running Android looked quite interesting to me and was potentially going to be my next phone.
Looks like that's not going to happen now.
.... still use one. This makes me want to go get an iPhone.
Interesting comment, made me think...
So, thinking of this as a phone specifically enabled with spying capabilities as a feature, you're right, the logical customer for such a phone is an oppressive government.
I can think of several totalitarian governments that would love a phone with baked-in spyware!
Thank you Dave Raggett
I thought the big selling point of Blackberry was security. This is anything but.
Oh well, it's not like they haven't caved to national governments before.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I take Mr Beard's comments at face value, that his company can offer lawful intercept without back doors. Unfortunately this has nothing whatsoever in common with the statements made by Apple and others.
You see Blackberry has a unique position in the market, it being not just the manufacturer but also the network operator. Thus for most normal Blackberry users (non-corporate), their secure end to end communications begin and end at Blackberry's servers. Also their device encryption software has at least one known weakness to offline brute force cracking so perhaps there are more.
All this means that what Blackberry is really saying is that, since they control the communication keys and made a less than perfect encryption product, they can offer lawful interception where other vendors had to rely on real hardware device encryption and end-to-end communications.
BTW, Apple does not get off scot-free here as its iMessage product can offer lawful intercept, just not decryption after the fact because they too control which keys are used to encrypt which iMessage.
My worry isn't lawful interception. However, backdoors and such mean that -someone- out there has a master key. And who knows how it is stored? If it falls into the wrong hands, it can utterly destroy a product, or even destroy companies if the backdoor winds up being used for advantages (knowing what competitors are bringing to the table, finding weak points to attack the company, or good old fashioned extortion/blackmail.)
Let's say the backdoor is a large RSA key. There will be organizations, including nations, with billions of dollars at their disposal, who will do anything to fetch that key. This can be live agents, network attacks, or just old fashioned kidnap and the $5 wrench. Since this basket has a lot of eggs in it, virtually everyone wants a piece of that master key.
Now, let's say the backdoor owner decides to be clever and split the key among sites. Well, how are legit requests done? LEOs will demand -many- requests, and it might be that some countries will seize and demand decryption of people's cellphones just as a matter of policy (just like how people are fingerprinted). Now you have to coordinate with those sites constantly to get them to regen their split key... and once the key is regenerated... even for a brief ephemeral time, it can be grabbed, especially with the fact there are attackers who would throw -billions- to nab that key. Security is still not improved.
OK... well, each device has its own backdoor key in a database. Same thing applies... someone will slurp that database up, even if it means a home invasion of a critical admin.
The whole concept of key escrow is throwing the baby out with the bathwater. There is always the scenario of Daesh managing to buy a backdoor key, be able to find out who is where, then sending a highly targeted attack, causing far more damage than if the backdoor never existed.
>"The company may see this as a way to differentiate themselves from the competition."
Um, yeah- "Buy our phones! They are better because we allow the government to spy on you!" What a great selling feature to differentiate yourself from your competition. I bet consumers will flock to that ?!!?!?!!
The fact they felt it necessary to put the word lawful in that description is kind of like a mobster using the phrase "legitimate businessman". Real legitimate businessmen call themselves 'businessmen'. They don't need to add the word legitimate, because they are legitimate. You don't add the word 'lawful' unless deep down in your heart, you have questions about it being lawful.
excitingthingstodo.blogspot.com
The Blackberry "Priv" ad blurb...
"At BlackBerry we are passionate about raising the bar for security and privacy. Extra steps are taken at both a hardware and software level to authenticate Android in order to help protect you from malware and any attempts to temper with your OS."
I thought that some idiot had misspelled "tamper". After reading this article, I am not so sure that this was not in fact the intended word choice here.
"Lawful interception for devices, but no backdoors"
Interception is a fucking back door! It's an alternative way to make encryption useless. It's like having a heavy duty front door and deadbolt but leaving the key under the welcome mat.
There's a truism in marketing that you can only differentiate your product on the parts that the customer sees and uses. Blackberry just can't learn this lesson. They tried differentiating on the OS kernel, which the customer never sees. And now on an insecurity feature that the customer won't be allowed to use. It's been a protracted death spiral, but it's a continuing one.
Bruce Perens.
Sarcasm aside, that's pretty much the goal, yes.
Now, I (thankfully) haven't worked with BlackBerry products in many years, and I had hoped/expected that things had changed, but pretty much all phone data used to be stored on company-managed servers. The government wouldn't have direct access, but corporate IT staff would.
From the little information in TFS, it sounds like the phones are not the vulnerability, but a central server under corporate control would be a suitable target for court-ordered surveillance. That way, the corporation can avoid the hassle of being found in contempt of court.
You do not have a moral or legal right to do absolutely anything you want.
You mean like the full encryption on lock, and the end-to-end encryption for iMessage?
Ya no ty. I pay my taxes, if I buy a product it is supposed to be mine.
The concept of personal property is being phased out.
Everything, from what you can say and what views you can express in public/online without being fired, being threatened with death, sued, even jailed, what you may do with things you've 'bought', right down to the money in your pocket and even you, yourself, are property of and/or controlled by the policies and agendas of the collective as dictated by a government/corporate/banking oligarchy and their sycophants and useful idiots in positions of influence in society.
I highly recommend reading "The Creature From Jekyll Island" by G. Edward Griffin to begin to understand the power structure in the US. The most powerful players are rarely mentioned in the MSM.
https://archive.org/details/Cr...
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
The Canadian government?
The US Government?
The governments of "five eyes" countries?
The Egyptian government?
The Russian government?
The Syrian government?
The Islamic State's government?
The Chinese government?
all of them?
>> .... still use one. This makes me want to go get an iPhone.
> Why, isn't this the same policy they always had?
Correct, it has always been Blackberry policy to make you want to go get an iPhone.
After all, who wouldn't want all governments to be able to spy on you?
FTFY.
The claim that there isn't a backdoor suggests that they are keeping the key in escrow, so eventually you can expect a .torrent to appear with an SQL database full of Blackberry keys, at which point you will know that several national intelligence services have had full access for a few years before some amateur got in.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
From what I understand a large number of their clients these days are governmental, so this move isn't all that surprising. If they took a different stance they probably would end up like Qwest when they told the government to shove it when they started their illegal wiretapping program: suddenly all of Qwest's government contracts were canceled and they found themselves under "investigation".
The annoying thing is I was actually considering the Priv for my next phone. Because they actually went through the effort of getting it FIPS 140 accredited. This stance just makes me want them to die.
Yes, my iPhone contains the private key. Apple doesn't have it. If I turn off iCloud backup --- something I would do if I were worried about hiding from the government. I'm not aware of any untethered jailbreaks that have come out in the last few years -- meaning someone would first have to have physical access to my phone and then unlock it -- after 10 attempts it is not only erased, the private key used to decrypt the local data is erased.